If you have heard about the CERT/CC advisory on SNMP vulnerabilities,
you should read the following:
The only Netaphor product that might be affected is Cyberons for
Java. The Cyberons -- Active X SNMP Manager control has no trap
reception abilities and is therefore not affected by the issues
mentioned in the advisory.
As it stands, the weakness that can be exploited is a DoS-style
attack in which malformed PDUs are sent to SNMP manager
applications. This is of concern only if you have SNMP, a
protocol designed to be used in intranets, enabled on your
company firewall. Under such circumstances, a malicious attack
can cause the shutdown of the manager application. Note that
if you have enabled SNMP access from the outside world, a
high burst of perfectly valid SNMP v1 packets can still cause
a DoS condition. There is no defense against such an attack
short of closing the firewall access.
Netaphor recommends the following steps:
1. Shut off external access to your internal SNMP managers
if possible.
2. If you have trap reception functionality inside software
using the Cyberons for Java toolkit, and you are unable or
unwilling to do Step 1, you need to obtain a patch for the
manager toolkit.
These patches are available for all customers who have signed
up for support with Netaphor. In most cases, these have already
been made available.
All other customers need to contact Netaphor Software at (949)
470 7955. Customers using versions prior to 2.0 must upgrade
to the latest version to get these patches.
We thank all of our customers, and promise to work with you
to address these and other issues as they arise.