Penetration Testing mailing list archives

Re: snmp vulnerablities


From: Dave Ryan <dave.ryan () eircom net>
Date: Tue, 17 Jul 2001 20:47:06 +0100


Peter Van Epp said the following on Tue, Jul 17, 2001 at 11:06:17AM -0700, 
      My guess would be that the original poster is trying to exploit the 
Solaris SNMP hole (where an echo might make some sense since it's a Unix box)
but didn't know it (or at least didn't articulate it). It came across bugtraq
some time ago so a search in the bugtraq archives may be productive. I didn't
look closer than to make sure we had already disabled the program involved
(probably by removing the SUID bit from the program) so I didn't check the
details.

Correct, for general consumption:

http://www.hack.co.za/download.php?sid=1377

As for comments on protecting SNMPv1 with ACLs and obfuscated Community
Strings, that is laughable at best. A better solution is to run with SNMPv3
using AuthPriv functionality; it seems like some of the popular management
systems don't yet support v3 capabilities.

Another solution is to tunnel SNMPv1/2c over IPSec, varying configurations; I
would be more concerned with management<->host authentication than going full
ESP, but circumstances dictate.

Regards.

-- 
Dave Ryan               Computer Incident Response Team 
dave.ryan () eircom net Eircom Multimedia

"I see dumb people. All the time." - Simple Nomad
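
Added example, not part of the original post: a small audit of an agent configuration for the two conditions the message contrasts, v1/v2c community access (even when source-restricted or given an obscure string) versus SNMPv3 users held to authPriv. It assumes a Net-SNMP-style snmpd.conf, which the post does not name; the sample config and its user and community names are constructed.

```python
# Added example: flag SNMPv1/v2c community access and SNMPv3 users that are
# not required to use authPriv. Assumes Net-SNMP-style snmpd.conf directives
# (rocommunity/rwcommunity/com2sec, rouser/rwuser); the post names no agent.
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6",
                        "rwcommunity6", "com2sec", "com2sec6"}
USER_DIRECTIVES = {"rouser", "rwuser"}

def audit_snmpd_conf(text):
    """Return a list of (line_number, finding) tuples for a config text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES:
            # A source ACL or an unguessable string does not change the fact
            # that the community travels in cleartext on every request.
            findings.append((lineno, directive + ": v1/v2c community access enabled"))
        elif directive in USER_DIRECTIVES:
            if args[:1] == ["-s"]:       # optional "-s SECMODEL" prefix
                args = args[2:]
            user = args[0] if args else "?"
            # With no level given, the agent only requires authentication.
            level = args[1].lower() if len(args) > 1 else "auth"
            if level != "priv":
                findings.append((lineno, "%s %s: level '%s' does not require authPriv"
                                 % (directive, user, level)))
    return findings

# Constructed sample configuration (not taken from any real host).
SAMPLE = """\
# constructed sample snmpd.conf
rocommunity public 10.0.0.0/8
com2sec mgmt 192.0.2.10 x7Gq-obscure
rouser monitor auth
rwuser admin priv
rouser legacy
"""

if __name__ == "__main__":
    for lineno, finding in audit_snmpd_conf(SAMPLE):
        print("line %d: %s" % (lineno, finding))
```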
