|
Security Incidents
mailing list archives
new SNMP vuln?
From: Gary Golomb <gee_two () yahoo com>
Date: Thu, 7 Feb 2002 08:57:19 -0800 (PST)
Hello all!
This is the third time in the past 24 hours I have heard about this from
*completely* different sources, but cannot find anything on it. Does anyone
here have additional details? Have any of the up-and-running honeypots seen
anything?
Thank you in advance!
-gary
I got a call from one of my customers last night who just
returned from a
North American Network Operators' Group (NANOG) security conference.
Apparently, a tool was written in a university in Finland
that exploits
SNMP vulnerabilities. One of the many things it does is send
1 packet to a
router that disables the router.
The tool was removed from several web sites in order to give vendors a
chance to react--but you know how that goes. Whether it is
in the wild now
or not, is not the pressing issue. The issue is that it will be soon.
It was explained that it was tested on a Cisco and Nortel
router and proven
effective. They are already working on a fix. I was
informed that they
tried to call some guy named "Henry Fiallo" to inform us as well.
Gary Golomb
Research Engineer, Intrusion Detection
Enterasys Networks
7160 Columbia Gateway Dr, #201
Columbia, MD 21044
Phone: 410-312-3194 x223
FAX: 410-312-4840
Email: ggolomb () enterasys com
www: http://www.enterasys.com/ids/
__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- new SNMP vuln? Gary Golomb (Feb 07)
| 
Intro
