>>>>> "vk" == Valdis Kletnieks <Valdis.Kletnieksvt.edu> writes:

>> What're they printing from? I'd check that first. The number of
>> win98/nt/2k hosts listening on SNMP is terrifying.

vk> How did it get turned on? Microsoft said in the CERT advisory:

vk> Summary:
vk> All Microsoft implementations of SNMP v1 are affected by the
vk> vulnerability. The SNMP v1 service is not installed or running by
vk> default on any version of Windows. A patch is underway to eliminate
vk> the vulnerability. In the meantime, we recommend that affected
vk> customers disable the SNMP v1 service.

vk> Is this like the "W2K doesn't install IIS, but if you upgraded a
vk> machine that had Personal Webpage (or whatever it was) it will
vk> upgrade that to IIS"?

Win2k Server does install and listen on snmpv1, public by default (at
least our CDs of it do). I have no idea how or why it was enabled,
but a little quick scanning turned up some scary results.

Similarly, we disable snmpdx on all our Sun hardware. Several patches
from Sun re-enable this service. They don't restart it, they just
replace the /etc/rc3.d/S76snmpdx init script. So the next time the
system boots, you get a happy surprise.

ericb

-- 
Eric Brandwine     |  There are only two truly infinite things, the universe
UUNetwork Security |  and stupidity.  And I am unsure about the universe.
ericbuu.net       |
+1 703 886 6038    |      - Albert Einstein
Key fingerprint = 3A39 2C2F D5A0 FC7C  5F60 4118 A84A BD5D  59D7 4E3E
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]