OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Jason Craig (craigagdean.ucdavis.edu)
Date: Wed Feb 13 2002 - 12:28:13 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    M$ is full of crap on this one...

    We don't use SNMP for anything, and we're finding it randomly enabled on a
    number of workstations and nearly all win2k servers. We are running
    locked-down IIS and OWA, and for whatever reason, these services turn on
    SNMP. However, turning it off doesn't seem to hamper them. So, the obvious
    logical question ensues: why do IIS and OWA (and possibly just win2k server)
    enable SNMP while not requiring SNMP to function properly? Additionally,
    why do some installs of wkstn enable SNMP while others do not? I can verify
    nearly all of these instances as I am the one doing the installs (and yes,
    personal web server was never installed).

    -jc

    -----Original Message-----
    From: Valdis.Kletnieksvt.edu [mailto:Valdis.Kletnieksvt.edu]
    Sent: Wednesday, February 13, 2002 9:55 AM
    To: Eric Brandwine
    Cc: Davis Ray Sickmon, Jr; incidentslists.securityfocus.com
    Subject: Re: SNMP vulnerability test?

    On Wed, 13 Feb 2002 00:34:00 GMT, Eric Brandwine said:

    > What're they printing from? I'd check that first. The number of
    > win98/nt/2k hosts listening on SNMP is terrifying.

    How did it get turned on? Microsoft said in the CERT advisory:

         Summary:
         All Microsoft implementations of SNMP v1 are affected by the
         vulnerability. The SNMP v1 service is not installed or running by
         default on any version of Windows. A patch is underway to eliminate
         the vulnerability. In the meantime, we recommend that affected
         customers disable the SNMP v1 service.

    Is this like the "W2K doesn't install IIS, but if you upgraded a machine
    that had Personal Webpage (or whatever it was) it will upgrade that to IIS"? 

    -- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

    ----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com