>>>>> "vk" == Valdis Kletnieks <Valdis.Kletnieks_at_vt.edu> writes:

>> What're they printing from? I'd check that first. The number of
>> win98/nt/2k hosts listening on SNMP is terrifying.

vk> How did it get turned on? Microsoft said in the CERT advisory:

vk> Summary:
vk> All Microsoft implementations of SNMP v1 are affected by the
vk> vulnerability. The SNMP v1 service is not installed or running by
vk> default on any version of Windows. A patch is underway to eliminate
vk> the vulnerability. In the meantime, we recommend that affected
vk> customers disable the SNMP v1 service.

vk> Is this like the "W2K doesn't install IIS, but if you upgraded a
vk> machine that had Personal Webpage (or whatever it was) it will
vk> upgrade that to IIS"?

Win2k Server does install and listen on snmpv1, public by default (at
least our CDs of it do). I have no idea how or why it was enabled,
but a little quick scanning turned up some scary results.

Similarly, we disable snmpdx on all our Sun hardware. Several patches
from Sun re-enable this service. They don't restart it, they just
replace the /etc/rc3.d/S76snmpdx init script. So the next time the
system boots, you get a happy surprise.

ericb
--
Eric Brandwine | There are only two truly infinite things, the universe
UUNetwork Security | and stupidity. And I am unsure about the universe.
ericb_at_uu.net |
+1 703 886 6038 | - Albert Einstein
Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E
Received on Feb 13 2002
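
Added example, not part of the original message: a post-patch check for the situation described above, where a patch silently puts /etc/rc3.d/S76snmpdx back. It assumes a service counts as disabled when no S<NN><name> start script exists in any rc?.d directory; the function names and the service name "examplesvc" are hypothetical.

```shell
#!/bin/sh
# Added example: report start scripts that have reappeared for services
# an administrator meant to keep disabled (for instance after patching).
# Assumption: "disabled" means no S<NN><name> file in any rc?.d directory
# (the script was removed or renamed so it no longer starts with "S").

# find_reenabled ROOT NAME...
#   ROOT  filesystem root to inspect ("/" on a live host)
#   NAME  service part of the init script name, e.g. snmpdx for S76snmpdx
# Prints one path per active start script; returns 1 if any were found.
find_reenabled() {
    root=${1%/}; shift
    found=0
    for name in "$@"; do
        for script in "$root"/etc/rc?.d/S[0-9][0-9]"$name"; do
            # An unmatched glob stays literal, so test for existence.
            [ -f "$script" ] || continue
            printf '%s\n' "$script"
            found=1
        done
    done
    return "$found"
}

# Constructed sample tree: the snmpdx start script is present again,
# while the hypothetical "examplesvc" stays disabled by renaming.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/etc/rc2.d" "$t/etc/rc3.d"
    : > "$t/etc/rc3.d/S76snmpdx"
    : > "$t/etc/rc3.d/s50examplesvc"
    printf '%s\n' "$t"
}

# Live use: sh check_rc.sh snmpdx   (non-zero exit means something is back)
if [ "$#" -gt 0 ]; then
    find_reenabled / "$@"
fi
```

Run it with the list of services you keep disabled after every patch install and before the next reboot; a non-zero exit status means at least one start script has returned.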