Posted: Thu Jun 06, 2019 16:03 Post subject: Could someone explain why SNMP is gone
i have seen in Changeset 39154
"without openssl, we wont add snmp anymore"
For me it makes no sense because why is snmp depending from openssl.
In my case i have no chance to monitor my router anymore.
"SNMP provides an easy way for administrators to get topology information about their networks and even provides some management of remote devices and servers. However, you have to be very careful that you correctly block SNMP traffic at your firewall; otherwise, hackers can also use it to gather that valuable network information and exploit vulnerabilities." _________________ FORUM RULES
"SNMP provides an easy way for administrators to get topology information about their networks and even provides some management of remote devices and servers. However, you have to be very careful that you correctly block SNMP traffic at your firewall; otherwise, hackers can also use it to gather that valuable network information and exploit vulnerabilities."
I'm not sure I can see how this is any different from blocking SSH, Telnet, and even http/https from the WAN? This is basic SOP stuff, right? If you don't know how to make sure this stuff is blocked on the WAN, you probably shouldn't be using dd-wrt in the first place... just my 2 cents..
Joined: 21 Jan 2017 Posts: 1783 Location: Illinois Moderator
Posted: Sat Jun 08, 2019 1:32 Post subject: WHY IS SNMP GONE ON MANY ROUTERS
OK lazy people, I know reading is too hard...but read this and be done...
If your router is older and has 8mb flash (also affects many 16mb flash size routers too), there's not enough room to include openssl in the code. As such, you won't be able to have secure access to SNMP; so BS removed SNMP to keep you guys using low flash size routers safe.
There. clear as mud... _________________ FORUM RULES
"SNMP provides an easy way for administrators to get topology information about their networks and even provides some management of remote devices and servers. However, you have to be very careful that you correctly block SNMP traffic at your firewall; otherwise, hackers can also use it to gather that valuable network information and exploit vulnerabilities."
Not really logical for me. If you know what you doing and in secure enviroments it is possible to use SNMP without any risk. If SNMP inside the firmware i can decide to enable it or not. At the moment i have no chance anymore to monitor the traffic or cpu or memory. For me there are other things i can renounce.
Like the hole Hotspot Portal stuff. But anyway.
Not really logical for me. If you know what you doing and in secure enviroments it is possible to use SNMP without any risk. If SNMP inside the firmware i can decide to enable it or not. At the moment i have no chance anymore to monitor the traffic or cpu or memory. For me there are other things i can renounce.
Like the hole Hotspot Portal stuff. But anyway.
++1, for moving the capture web portal code in DD-WRT to outside the "standard" release channel. This may create additional space (i.e. 8mb flash routers) for secure admin features like SNMP over SSL. In summary, serious minded network folks need the SNMP option to manage/monitor our network service. _________________ Atheros
TP-Link TL-WDR4300 v1 ----- DD-WRT 39956 BS (AP, VAP, Router, AP Isolation, Firewall, VLAN, QoS)
TP-Link TL-WDR3600 v1 ----- DD-WRT 41517 BS (AP, VAP, Router, AP Isolation, Firewall, VLAN, QoS) Ralink/RT2880
AirLink101 150N (AR670W) --DD-WRT ??? BS (AP,NAT,Firewall)
Posted: Mon Jun 17, 2019 7:44 Post subject: Thanks i see i am not alone
For now i desided to downgrade to : DD-WRT v3.0-r39137 std (03/10/19) an will stay there because this is the last release with snmp inside. My devices have no connection to the internet i use them only as AP.