Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ISS Security Advisory: Hidden community string in SNMP

From: sugarat () THUNDERHOLD SUGARAT NET (sugarat)
Date: Mon, 16 Nov 1998 16:49:58 -0500




I am seeing the same results on a 2.6 and a 2.5.1 system with B.5.01 NNM
installed.

matt


Do you only see the output when you are on the local machine?
How about from spoofed 127.0.0.1 packets?  Is sending a reset from 127.0.0.1
enough to make hte host think it is the local machine?
If so, then a local firewall, not permitting 127 packets from outside the
machine is necessary, and even then you better trust the people who have
access to the box itself.

We have tried a box, Solaris 2.6 patched to current (current as of september),
that is running the default Sun snmpd binary.  The hidden community
"all private" worked from local and remote machines.

I'm not quite sure what we're going to do about this, but on non critical
boxes, ie: the ones we watch only for cold start traps, we have turned of
snmpd and use shell scripts that call snmptrap to send the traps we need to
receive.

If anybody else has any solutions, I'm sure we'd all love to hear them.

-Tim
--
Timothy Kennedy                 |       Erol's Internet Service
Network Administrator           |       1-703-321-8000 ext. 2224
sugarat () erols com               |       http://www.erols.com
Previous By Date Next
Previous By Thread Next

Current thread: