Vulnerability Development mailing list archives

Re: Router worm exploiting poor SNMP security.
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Thu, 14 Dec 2000 12:29:00 -0500

On Wed, 13 Dec 2000, Mixter wrote:

[after an inquiry about an snmp worm]

That's certainly an interesting thought... I routinely find
default communities in routers during penetration tests, and
the problem is much more widespread than many people think.

presumably you'd be using snmpset, right, to maliciously infect? why not
consider TFTP transfers of boot images to various routers, too, to spread.
since TFTP is never authenticated, it should be trivial to spoof the TFTP
server. i know that quite a number of popular routers are capable of TFTP;
is it still in wide use in the wild? (i don't work on other people's
routers.)

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

