OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: H C (keydet89yahoo.com)
Date: Thu Feb 07 2002 - 15:06:28 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Gary,

    Not too much technical detail, but I would think that
    this relates back to failing to change the default
    community strings. If this is in fact the case, it
    really isn't anything new.

    --- Gary Golomb <gee_twoyahoo.com> wrote:
    >
    > Hello all!
    >
    > This is the third time in the past 24 hours I have
    > heard about this from
    > *completely* different sources, but cannot find
    > anything on it. Does anyone
    > here have additional details? Have any of the
    > up-and-running honeypots seen
    > anything?
    >
    > Thank you in advance!
    >
    > -gary
    >
    >
    > > I got a call from one of my customers last night
    > who just
    > > returned from a
    > > North American Network Operators' Group (NANOG)
    > security conference.
    > > Apparently, a tool was written in a university in
    > Finland
    > > that exploits
    > > SNMP vulnerabilities. One of the many things it
    > does is send
    > > 1 packet to a
    > > router that disables the router.
    > >
    > > The tool was removed from several web sites in
    > order to give vendors a
    > > chance to react--but you know how that goes.
    > Whether it is
    > > in the wild now
    > > or not, is not the pressing issue. The issue is
    > that it will be soon.
    > >
    > > It was explained that it was tested on a Cisco and
    > Nortel
    > > router and proven
    > > effective. They are already working on a fix. I
    > was
    > > informed that they
    > > tried to call some guy named "Henry Fiallo" to
    > inform us as well.
    > >
    >
    >
    > Gary Golomb
    > Research Engineer, Intrusion Detection
    > Enterasys Networks
    > 7160 Columbia Gateway Dr, #201
    > Columbia, MD 21044
    > Phone: 410-312-3194 x223
    > FAX: 410-312-4840
    > Email: ggolombenterasys.com
    > www: http://www.enterasys.com/ids/
    >
    > __________________________________________________
    > Do You Yahoo!?
    > Send FREE Valentine eCards with Yahoo! Greetings!
    > http://greetings.yahoo.com
    >
    >
    ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS
    > analyzer service.
    > For more information on this free incident handling,
    > management
    > and tracking system please see:
    > http://aris.securityfocus.com
    >

    __________________________________________________
    Do You Yahoo!?
    Send FREE Valentine eCards with Yahoo! Greetings!
    http://greetings.yahoo.com

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com