Security Incidents: Re: new SNMP vuln?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: new SNMP vuln?

From: H C <keydet89 () yahoo com>
Date: Thu, 7 Feb 2002 13:06:28 -0800 (PST)

Gary,

Not too much technical detail, but I would think that
this relates back to failing to change the default
community strings.  If this is in fact the case, it
really isn't anything new.



--- Gary Golomb <gee_two () yahoo com> wrote:


Hello all!

This is the third time in the past 24 hours I have
heard about this from
*completely* different sources, but cannot find
anything on it. Does anyone
here have additional details? Have any of the
up-and-running honeypots seen
anything?

Thank you in advance!

-gary

I got a call from one of my customers last night

who just

returned from a
North American Network Operators' Group (NANOG)

security conference.

Apparently, a tool was written in a university in

Finland

that exploits
SNMP vulnerabilities.  One of the many things it

does is send

1 packet to a
router that disables the router.

The tool was removed from several web sites in

order to give vendors a

chance to react--but you know how that goes.

Whether it is

in the wild now
or not, is not the pressing issue.  The issue is

that it will be soon.


It was explained that it was tested on a Cisco and

Nortel

router and proven
effective.  They are already working on a fix.  I

was

informed that they
tried to call some guy named "Henry Fiallo" to

inform us as well.

 

Gary Golomb
Research Engineer, Intrusion Detection 
Enterasys Networks
7160 Columbia Gateway Dr, #201
Columbia, MD 21044
Phone:  410-312-3194 x223
FAX:    410-312-4840 
Email:  ggolomb () enterasys com 
www:    http://www.enterasys.com/ids/

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS
analyzer service.
For more information on this free incident handling,
management 
and tracking system please see:
http://aris.securityfocus.com



__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

By Date By Thread

Current thread:

new SNMP vuln? Gary Golomb (Feb 07)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
  - Re: new SNMP vuln? James (Feb 07)
- Re: new SNMP vuln? H C (Feb 07)
  - Re: new SNMP vuln? jason (Feb 12)
    - Re: new SNMP vuln? Arthur Donkers (Feb 12)
    - SNMP vulnerability test? Davis Ray Sickmon, Jr (Feb 12)
    - Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
    - Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)