OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Arthur Donkers (arthurreseau.nl)
Date: Tue Feb 12 2002 - 14:55:29 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Tue, 12 Feb 2002, jason wrote:

    > -----BEGIN PGP SIGNED MESSAGE-----
    > Hash: SHA1
    >
    > http://www.cert.org/advisories/CA-2002-03.html

    This is de URL of the Uni from Finland that started it all:

    http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html

    read and weep....

    grtz,

    Arthur

    >
    > - ----- Original Message -----
    > From: "H C" <keydet89yahoo.com>
    > To: "Gary Golomb" <gee_twoyahoo.com>;
    > <incidentslists.securityfocus.com>
    > Sent: Thursday, February 07, 2002 3:06 PM
    > Subject: Re: new SNMP vuln?
    >
    >
    > > Gary,
    > >
    > > Not too much technical detail, but I would think that
    > > this relates back to failing to change the default
    > > community strings. If this is in fact the case, it
    > > really isn't anything new.
    > >
    > >
    > >
    > > --- Gary Golomb <gee_twoyahoo.com> wrote:
    > > >
    > > > Hello all!
    > > >
    > > > This is the third time in the past 24 hours I have
    > > > heard about this from
    > > > *completely* different sources, but cannot find
    > > > anything on it. Does anyone
    > > > here have additional details? Have any of the
    > > > up-and-running honeypots seen
    > > > anything?
    > > >
    > > > Thank you in advance!
    > > >
    > > > -gary
    > > >
    > > >
    > > > > I got a call from one of my customers last night
    > > > who just
    > > > > returned from a
    > > > > North American Network Operators' Group (NANOG)
    > > > security conference.
    > > > > Apparently, a tool was written in a university in
    > > > Finland
    > > > > that exploits
    > > > > SNMP vulnerabilities. One of the many things it
    > > > does is send
    > > > > 1 packet to a
    > > > > router that disables the router.
    > > > >
    > > > > The tool was removed from several web sites in
    > > > order to give vendors a
    > > > > chance to react--but you know how that goes.
    > > > Whether it is
    > > > > in the wild now
    > > > > or not, is not the pressing issue. The issue is
    > > > that it will be soon.
    > > > >
    > > > > It was explained that it was tested on a Cisco and
    > > > Nortel
    > > > > router and proven
    > > > > effective. They are already working on a fix. I
    > > > was
    > > > > informed that they
    > > > > tried to call some guy named "Henry Fiallo" to
    > > > inform us as well.
    > > > >
    > > >
    > > >
    > > > Gary Golomb
    > > > Research Engineer, Intrusion Detection
    > > > Enterasys Networks
    > > > 7160 Columbia Gateway Dr, #201
    > > > Columbia, MD 21044
    > > > Phone: 410-312-3194 x223
    > > > FAX: 410-312-4840
    > > > Email: ggolombenterasys.com
    > > > www: http://www.enterasys.com/ids/
    > > >
    > > > __________________________________________________
    > > > Do You Yahoo!?
    > > > Send FREE Valentine eCards with Yahoo! Greetings!
    > > > http://greetings.yahoo.com
    > > >
    > > >
    > > --------------------------------------------------------------------
    > > --------
    > > > This list is provided by the SecurityFocus ARIS
    > > > analyzer service.
    > > > For more information on this free incident handling,
    > > > management
    > > > and tracking system please see:
    > > > http://aris.securityfocus.com
    > > >
    > >
    > >
    > > __________________________________________________
    > > Do You Yahoo!?
    > > Send FREE Valentine eCards with Yahoo! Greetings!
    > > http://greetings.yahoo.com
    > >
    > > --------------------------------------------------------------------
    > > -------- This list is provided by the SecurityFocus ARIS analyzer
    > > service.
    > > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >
    > -----BEGIN PGP SIGNATURE-----
    > Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>
    >
    > iQA/AwUBPGlwSlL3u0OElmjPEQKNWgCg7laRBqP0sQfd3dNgl8kKMe0rN50AoJ8/
    > eAZGKN5FdtbFYsLzMwXLu5Rf
    > =Ccfb
    > -----END PGP SIGNATURE-----
    >
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    >

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com