|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: jason (jpotopa
qwest.net)Date: Tue Feb 12 2002 - 13:43:07 CST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://www.cert.org/advisories/CA-2002-03.html
- ----- Original Message -----
From: "H C" <keydet89yahoo.com>
To: "Gary Golomb" <gee_twoyahoo.com>;
<incidentslists.securityfocus.com>
Sent: Thursday, February 07, 2002 3:06 PM
Subject: Re: new SNMP vuln?
> Gary,
>
> Not too much technical detail, but I would think that
> this relates back to failing to change the default
> community strings. If this is in fact the case, it
> really isn't anything new.
>
>
>
> --- Gary Golomb <gee_twoyahoo.com> wrote:
> >
> > Hello all!
> >
> > This is the third time in the past 24 hours I have
> > heard about this from
> > *completely* different sources, but cannot find
> > anything on it. Does anyone
> > here have additional details? Have any of the
> > up-and-running honeypots seen
> > anything?
> >
> > Thank you in advance!
> >
> > -gary
> >
> >
> > > I got a call from one of my customers last night
> > who just
> > > returned from a
> > > North American Network Operators' Group (NANOG)
> > security conference.
> > > Apparently, a tool was written in a university in
> > Finland
> > > that exploits
> > > SNMP vulnerabilities. One of the many things it
> > does is send
> > > 1 packet to a
> > > router that disables the router.
> > >
> > > The tool was removed from several web sites in
> > order to give vendors a
> > > chance to react--but you know how that goes.
> > Whether it is
> > > in the wild now
> > > or not, is not the pressing issue. The issue is
> > that it will be soon.
> > >
> > > It was explained that it was tested on a Cisco and
> > Nortel
> > > router and proven
> > > effective. They are already working on a fix. I
> > was
> > > informed that they
> > > tried to call some guy named "Henry Fiallo" to
> > inform us as well.
> > >
> >
> >
> > Gary Golomb
> > Research Engineer, Intrusion Detection
> > Enterasys Networks
> > 7160 Columbia Gateway Dr, #201
> > Columbia, MD 21044
> > Phone: 410-312-3194 x223
> > FAX: 410-312-4840
> > Email: ggolombenterasys.com
> > www: http://www.enterasys.com/ids/
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Send FREE Valentine eCards with Yahoo! Greetings!
> > http://greetings.yahoo.com
> >
> >
> --------------------------------------------------------------------
> --------
> > This list is provided by the SecurityFocus ARIS
> > analyzer service.
> > For more information on this free incident handling,
> > management
> > and tracking system please see:
> > http://aris.securityfocus.com
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Send FREE Valentine eCards with Yahoo! Greetings!
> http://greetings.yahoo.com
>
> --------------------------------------------------------------------
> -------- This list is provided by the SecurityFocus ARIS analyzer
> service.
> For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
iQA/AwUBPGlwSlL3u0OElmjPEQKNWgCg7laRBqP0sQfd3dNgl8kKMe0rN50AoJ8/
eAZGKN5FdtbFYsLzMwXLu5Rf
=Ccfb
-----END PGP SIGNATURE-----
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]