mharrima101 (sent by Nabble.com) wrote:

> Please excuse if this post is not in the correct place - I wasn't sure
> where to put a question such as this.
>
> We are using an HP ProCurve switch in our network as a router (it's a
> layer 3 switch). We are communicating with all devices on the far side
> of the router (HP switch) with SNMP, including the far side management
> interface of the HP switch. When the switch responds to the SNMP query
> it uses the near side IP address as the source address in the UDP header
> rather than the far side IP address that the query was addressed to.
> Since this is not the IP that we are intending to talk to, our security
> policy does not allow us to accept the message.
>
> Is the behavior of the HP switch legal under UDP? It seems to me as
> though this should not be allowed.

UDP is connectionless. From a UDP point of view, it is legal for the HP switch to send a UDP packet with any IP address from one of its own network interfaces (as per RFC1122, since it is acting as a host when it sources or sinks traffic).

This may or may not be the case from SNMP's point of view, however, just as Sec 7.3 of RFC1035 points out a similar DNS "name server bug" (quoted from the RFC, as others have raised as related).

I.e., this is probably an SNMP bug, possibly an SNMP protocol violation, but not a UDP issue. (hint: if you have to look at the UDP payload to decide if it's valid, it's not a UDP issue).

Joe
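The distinction Joe draws (UDP does not care which interface address the reply comes from; the application layer decides what is valid) can be seen by pairing SNMP requests with replies. The following is an added example, not code from the thread or from HP: it decodes the request-id from a minimal SNMPv1/v2c message, matches replies to outstanding requests the way an SNMP manager does, and separately flags a reply whose IP source differs from the address the request was sent to, which is the check the poster's security policy applies. The addresses, community string and request-id are constructed sample values.

```python
def _read_tlv(buf, pos):
    """Read one BER TLV (short or long definite length); return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def snmp_request_id(packet):
    """Extract request-id from SNMPv1/v2c: SEQUENCE{version, community, PDU{request-id,...}}."""
    tag, msg, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    _, _, pos = _read_tlv(msg, 0)           # version INTEGER
    _, _, pos = _read_tlv(msg, pos)         # community OCTET STRING
    tag, pdu, _ = _read_tlv(msg, pos)       # PDU, context tag 0xA0..0xA8
    if tag & 0xE0 != 0xA0:
        raise ValueError("unexpected PDU tag 0x%02x" % tag)
    _, rid, _ = _read_tlv(pdu, 0)           # request-id INTEGER
    return int.from_bytes(rid, "big", signed=True)

def _tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length suffices for the samples

def build_snmp_v2c(pdu_tag, request_id, community=b"public"):
    """Constructed sample: minimal SNMPv2c message with an empty varbind list."""
    rid = request_id.to_bytes((request_id.bit_length() + 8) // 8, "big", signed=True)
    pdu = _tlv(pdu_tag, _tlv(0x02, rid) + _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00") + _tlv(0x30, b""))
    return _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(0x04, community) + pdu)

class SnmpResponseChecker:
    """Correlate replies to sent requests by request-id and judge the IP source address."""
    def __init__(self):
        self.outstanding = {}               # request-id -> IP the request was sent to

    def sent(self, dst_ip, packet):
        self.outstanding[snmp_request_id(packet)] = dst_ip

    def received(self, src_ip, packet):
        expected = self.outstanding.pop(snmp_request_id(packet), None)
        if expected is None:
            return "unsolicited"            # SNMP would drop this: no matching request-id
        if src_ip != expected:
            return "source-mismatch: asked %s, answered from %s" % (expected, src_ip)
        return "ok"

def demo():
    """Constructed scenario: query the far-side address, switch answers from its near-side one."""
    far, near, chk = "10.2.0.1", "10.1.0.1", SnmpResponseChecker()
    chk.sent(far, build_snmp_v2c(0xA0, 1234))                      # GET sent to far side
    verdicts = [chk.received(near, build_snmp_v2c(0xA2, 1234))]    # reply from near side
    chk.sent(far, build_snmp_v2c(0xA0, 1235))
    verdicts.append(chk.received(far, build_snmp_v2c(0xA2, 1235)))  # reply from far side
    return verdicts
```

SNMP itself pairs the reply with the request purely by request-id, so the first reply would be accepted by the protocol; only the source-address policy rejects it, which is why the thread locates the problem in SNMP's (or the switch's) address selection rather than in UDP.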
_______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf