Hello all!

This is the third time in the past 24 hours I have heard about this from
*completely* different sources, but cannot find anything on it. Does anyone
here have additional details? Have any of the up-and-running honeypots seen
anything?

Thank you in advance!

-gary

> I got a call from one of my customers last night who just
> returned from a
> North American Network Operators' Group (NANOG) security conference.
> Apparently, a tool was written in a university in Finland
> that exploits
> SNMP vulnerabilities. One of the many things it does is send
> 1 packet to a
> router that disables the router.
>
> The tool was removed from several web sites in order to give vendors a
> chance to react--but you know how that goes. Whether it is
> in the wild now
> or not, is not the pressing issue. The issue is that it will be soon.
>
> It was explained that it was tested on a Cisco and Nortel
> router and proven
> effective. They are already working on a fix. I was
> informed that they
> tried to call some guy named "Henry Fiallo" to inform us as well.
>
 

Gary Golomb
Research Engineer, Intrusion Detection
Enterasys Networks
7160 Columbia Gateway Dr, #201
Columbia, MD 21044
Phone: 410-312-3194 x223
FAX: 410-312-4840
Email: ggolombenterasys.com
www: http://www.enterasys.com/ids/

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]