Home page logo

bugtraq logo Bugtraq mailing list archives

Re: cisco/ascend snmp config tool or exploit? -- Re: snmp problems still alive
From: lcamtuf () AGS PL (Michal Zalewski)
Date: Sun, 20 Feb 2000 20:11:23 +0100

Hmm, to keep you busy, here's brute-force spoofing scanner for writable
snmp communities. Requires NetCat and snmp tools (like snmpget) to be
installed. Scanning is mostly harmless - it tries to change
system.sysContact.0 to 'null' using common default communities (according
to securityfocus). Should be run as root.

In addition to list of machines given in initial post, it is known to
break some Cisco systems (but not recent IOSes, at least not in default
configuration), most of 3com products (there was another writable
community, which seems to be present everywhere, regardless of 'private',
which is disabled by administrators sometimes), HP switches, printers,
Ascend *DSL modems etc. Also, it should bypass most of stupid source IP
address restrictions for accessing the community.

Please use this tool to scan your network only.

Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM]
[dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
[+48 22 551 45 93] [+48 603 110 160] bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

<LI>TEXT/PLAIN attachment: nmpscan_

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]