Microsoft KB Archive/99880

= SNMP Agent Responds to Any Community Name =

Article ID: 99880

Article Last Modified on 11/1/2006

-

APPLIES TO


 * Microsoft Windows NT Advanced Server 3.1
 * Microsoft Windows NT Workstation 3.1

-



This article was previously published under Q99880



SUMMARY
Windows NT provides support for Microsoft Simple Network Management Protocol (SNMP) on a TCP/IP network. The security options for SNMP include a list of community names. If you remove all the community names, including the default name, Public, SNMP will respond to any community names presented.

This is expected behavior, as described in the request for comments document, RFC 1157:

An SNMP message originated by an SNMP application entity that in fact belongs to the SNMP community named by the community component of said message is called an authentic SNMP message. The set of rules by which an SNMP message is identified as an authentic SNMP message for a particular SNMP community is called an authentication scheme. An implementation of a function that identifies authentic SNMP messages according to one or more authentication schemes is called an authentication service.

Clearly, effective management of administrative relationships among SNMP application entities requires authentication services that (by the use of encryption or other techniques) are able to identify authentic SNMP messages with a high degree of certainty. Some SNMP implementations may wish to support only a trivial authentication service that identifies all SNMP messages as authentic SNMP messages.

When there are no community names identified, Windows NT follows the specification noted in the last sentence:

Some SNMP implementations may wish to support only a trivial authentication service that identifies all SNMP messages as authentic SNMP messages.

Additional query words: prodnt tcp ip

Keywords: kbnetwork KB99880

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.