Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: Router worm exploiting poor SNMP security.
From: Lars Nygård <lars () SNART COM>
Date: Wed, 13 Dec 2000 15:58:16 -0000
Additional information
If you know the SNMP read/write community it should 
be no problem to upload files to Nortel routers. This is 
done today with Site Manager. I'm guessing this is 
done by enabling tftp. 

BayRS has it's own script language, which I believe 
can be used to write such a worm. What I'm not sure 
of is if it's possible to send SNMP packets with such 
a script. 

The problem would be to execute the script on a 
remote router. I'm not sure if this is possible. 
It's however possible to execute ping from a remote 
router with SNMP (again this can be done with Site 
Manager).
I'm guessing this might makes it possible to find an 
exploit. Perhaps by modifying the MIB entry  
wfIcmp.wfIcmpExecute.1. Only guessing here.

Anyone out there who got the answers?

-Lars Nygård

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]