Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: snmp problems still alive...
From: jcomeau () DIALTONEINTERNET NET (John Comeau)
Date: Tue, 15 Feb 2000 18:18:12 -0500


Cisco 1924s for sure have "public" as rw string and "private" for ro,
and I'm about 80% sure the 2924 does too.

Many Cisco routers have an snmp "feature" with security ramifications
which Damir Rajnovic has agreed to post to Bugtraq (as of Jan. 1), but I
guess Cisco's lawyers have to hash it out for a few more weeks before
he'll be allowed to. If he doesn't, I will - jc

Michal Zalewski wrote:

Days ago, there was a discussion about world-readable snmp communities,
some people thought it was bad enough. Amazingly, I've found that a lot of
network devices (such as intelligent switches, WAN/LAN routers, ISDN/DSL
modems, remote access machines and even some user-end operating systems)
are by default configured with snmp enabled and unlimited access with
*write* privledges. It allows attacker to modify routing tables, status of
network interfaces and other vital system data, and seems to be extermely
dangerous. To make things even worse, some devices seems to tell that
write permission for given community is disabled, but you can still
successfully write to it - and other devices won't let you to set up snmp
access at all (eg. some modems and switches).

--
John Comeau - Chief Operating Officer
Dialtone Internet - Extremely Fast Web Systems
954-581-0097  fax://954-581-7629
jcomeau () dialtoneinternet net
http://www.dialtoneinternet.net



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]