OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Eric Brandwine (ericbUU.NET)
Date: Tue Feb 12 2002 - 18:34:00 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    >>>>> "drs" == Davis Ray Sickmon, <midrydermidnightryder.com> writes:

    drs> Besides crashing the device, what's the best way to test for the SNMP
    drs> vulnerability? I've got some hardware out there (Savin printers) that are

    There is no way, really. These packets are not designed to kill any
    particular kind of box, just to abuse SNMP. So short of custom
    designing packets, it'll go belly up.

    drs> leased (and thus, I have no admin access to them!), and have SNMP
    drs> on by default. I can test against similar hardware here in the
    drs> offices, but I'd rather not crash the accounting / office
    drs> people's favorite copier / printer ;-) I've seen three separate
    drs> lists of hardware that is vulnerable, but none of them look very
    drs> complete.

    This is what after-hours is for ;)

    Assume it's vulnerable. Everything we've tested (MANY vendors) has
    died, except for Lucent/Xedia VPN APs.

    At least Cisco/Juniper/Lucent/etc know how to spell s3kur1ty. I'll
    bet you that nobody at Savin has ever thought about IP security. They
    bought an IP/SNMP stack from someone, and just welded it in. Good
    luck getting patches. You'll spend hours just trying to explain what
    the problem is ;)

    drs> (I know, I know - it's a bloody printer. Big deal if it crashes,
    drs> right? Well, I'll get tired of listenin' to people whine if it's
    drs> down for even 30 seconds. Plus I figure it might be nice
    drs> information to pass on if there's a "friendly" way to determine
    drs> vulnerability.)

    What're they printing from? I'd check that first. The number of
    win98/nt/2k hosts listening on SNMP is terrifying.

    They're gonna whine more if they cannot get to the documents that they
    want to print.

    ericb 

    -- 
Eric Brandwine     |  Reality is that which, when you stop believing in it,
UUNetwork Security |  doesn't go away.
ericbuu.net       |
+1 703 886 6038    |      - Philip K. Dick
Key fingerprint = 3A39 2C2F D5A0 FC7C  5F60 4118 A84A BD5D  59D7 4E3E

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com