From: Davis Ray Sickmon, Jr (midrydermidnightryder.com)
Date: Tue Feb 12 2002 - 16:47:29 CST


    Besides crashing the device, what's the best way to test for the SNMP
    vulnerability? I've got some hardware out there (Savin printers) that are
    leased (and thus, I have no admin access to them!), and have SNMP on by
    default. I can test against similar hardware here in the offices, but I'd
    rather not crash the accounting / office people's favorite copier / printer
    ;-) I've seen three separate lists of hardware that is vulnerable, but none
    of them look very complete.

    (I know, I know - it's a bloody printer. Big deal if it crashes, right?
    Well, I'll get tired of listenin' to people whine if it's down for even 30
    seconds. Plus I figure it might be nice information to pass on if there's a
    "friendly" way to determine vulnerability.)

    J R Sickmon,
    Creek Electric, Inc.

    (Or whoever I am at this hour...)

    ----- Original Message -----
    From: "Arthur Donkers" <arthurreseau.nl>
    To: <incidentslists.securityfocus.com>
    Sent: Tuesday, February 12, 2002 2:55 PM
    Subject: Re: new SNMP vuln?

    > On Tue, 12 Feb 2002, jason wrote:
    >
    > > http://www.cert.org/advisories/CA-2002-03.html
    >
    > This is the URL of the Uni from Finland that started it all:
    >
    > http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
    >
    > read and weep....
    >
    > grtz,
    >
    > Arthur
    >
    > >
    > > ----- Original Message -----
    > > From: "H C" <keydet89yahoo.com>
    > > To: "Gary Golomb" <gee_twoyahoo.com>;
    > > <incidentslists.securityfocus.com>
    > > Sent: Thursday, February 07, 2002 3:06 PM
    > > Subject: Re: new SNMP vuln?
    > >
    > >
    > > > Gary,
    > > >
    > > > Not too much technical detail, but I would think that
    > > > this relates back to failing to change the default
    > > > community strings. If this is in fact the case, it
    > > > really isn't anything new.
    > > >
    > > >
    > > >
    > > > --- Gary Golomb <gee_twoyahoo.com> wrote:
    > > > >
    > > > > Hello all!
    > > > >
    > > > > This is the third time in the past 24 hours I have heard about
    > > > > this from *completely* different sources, but cannot find anything
    > > > > on it. Does anyone here have additional details? Have any of the
    > > > > up-and-running honeypots seen anything?
    > > > >
    > > > > Thank you in advance!
    > > > >
    > > > > -gary
    > > > >
    > > > >
    > > > > > I got a call from one of my customers last night who just
    > > > > > returned from a North American Network Operators' Group (NANOG)
    > > > > > security conference. Apparently, a tool was written in a
    > > > > > university in Finland that exploits SNMP vulnerabilities. One of
    > > > > > the many things it does is send 1 packet to a router that
    > > > > > disables the router.
    > > > > >
    > > > > > The tool was removed from several web sites in order to give
    > > > > > vendors a chance to react--but you know how that goes. Whether it
    > > > > > is in the wild now or not, is not the pressing issue. The issue is
    > > > > > that it will be soon.
    > > > > >
    > > > > > It was explained that it was tested on a Cisco and Nortel router
    > > > > > and proven effective. They are already working on a fix. I was
    > > > > > informed that they tried to call some guy named "Henry Fiallo" to
    > > > > > inform us as well.
    > > > > >
    > > > >
    > > > >
    > > > > Gary Golomb
    > > > > Research Engineer, Intrusion Detection
    > > > > Enterasys Networks
    > > > > 7160 Columbia Gateway Dr, #201
    > > > > Columbia, MD 21044
    > > > > Phone: 410-312-3194 x223
    > > > > FAX: 410-312-4840
    > > > > Email: ggolombenterasys.com
    > > > > www: http://www.enterasys.com/ids/
    > > > >
    > > > > --------------------------------------------------------------------
    > > > > This list is provided by the SecurityFocus ARIS analyzer service.
    > > > > For more information on this free incident handling, management
    > > > > and tracking system please see: http://aris.securityfocus.com
    > > > >
    > > >
    > > >
    > >
    >