OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: snmp problems still alive...
From: John Comeau (jcomeauDIALTONEINTERNET.NET)
Date: Tue Feb 15 2000 - 17:18:12 CST

Cisco 1924s for sure have "public" as rw string and "private" for ro,
and I'm about 80% sure the 2924 does too.

Many Cisco routers have an snmp "feature" with security ramifications
which Damir Rajnovic has agreed to post to Bugtraq (as of Jan. 1), but I
guess Cisco's lawyers have to hash it out for a few more weeks before
he'll be allowed to. If he doesn't, I will - jc

Michal Zalewski wrote:
>
> Days ago, there was a discussion about world-readable snmp communities,
> some people thought it was bad enough. Amazingly, I've found that a lot of
> network devices (such as intelligent switches, WAN/LAN routers, ISDN/DSL
> modems, remote access machines and even some user-end operating systems)
> are by default configured with snmp enabled and unlimited access with
> *write* privledges. It allows attacker to modify routing tables, status of
> network interfaces and other vital system data, and seems to be extermely
> dangerous. To make things even worse, some devices seems to tell that
> write permission for given community is disabled, but you can still
> successfully write to it - and other devices won't let you to set up snmp
> access at all (eg. some modems and switches). 

--
John Comeau - Chief Operating Officer
Dialtone Internet - Extremely Fast Web Systems
954-581-0097  fax://954-581-7629
jcomeaudialtoneinternet.net
http://www.dialtoneinternet.net