Security Incidents mailing list archives
Re: SNMP Scans
From: Omar Herrera <oherrera () PRODIGY NET MX>
Date: Mon, 12 Mar 2001 22:30:54 -0600
H Carvey wrote:
Did anyone else catch what this guy was lookingfor? Any other increases inSNMP scans or exploit attempts?Did you happen to catch any scans for port 2301, as well? Compaq is a big player in the server market, and that's an issue with the push for ASP by a lot of companies. Compaq ships their Win2K servers w/ the Compaq stuff installed...Insight Manager, particularly, which uses SNMP. My experience has shown of the past couple of months that the community strings are left default. The httpd for the Insight Manager runs on port 2301... Carv
By the way, I found many NT proliant servers with this admin. tool installed, during an audit, were vulnerable. More precisely, the web server (some versions) on which this admin. tool runs allowed anyone to retrieve files from directories distinct from those on which the admin. tool files reside (well know vulnearbility in ancient versions of some web servers). Just try something like http://web.server.com:2301\..\..\..\windows\win.ini In the case of this audit, the problem was more complex because this administration tool is installed by default in many Compaq's servers, the company who bought these servers were not familiar with Compaq admin. tools and the reseller who installed these servers just 'forgot' to tell the client about it. So they almost get these machines connected to the internet with wide open holes accessible from the outside. (Side note: as noted above, not all versions of the web server were vulnerable, I can't recall the specific version numbers but nessus detected the vulnerable servers easily, I suppose that any other decent vulnerability scanner, open source or commercial will detect this as well). Omar
Current thread:
- SNMP Scans Crist Clark (Mar 05)
- <Possible follow-ups>
- Re: SNMP Scans H Carvey (Mar 11)
- Re: SNMP Scans Omar Herrera (Mar 12)
- Re: SNMP Scans MadHat (Mar 13)
- Re: SNMP Scans Omar Herrera (Mar 12)
- Re: SNMP Scans Chris Schuler (Mar 13)
- Re: SNMP Scans John Oliver (Mar 14)
- Port 111 Scans (odd single IP# probes too) Bryan Andersen (Mar 14)
- Re: Port 111 Scans (odd single IP# probes too) Scott Nursten (Mar 15)
- Re: Port 111 Scans (odd single IP# probes too) Rob Kouwenberg (Mar 15)
- Re: SNMP Scans John (Mar 14)
- Re: SNMP Scans Eric Kimminau (Mar 14)
- Re: SNMP Scans Golden_Eternity (Mar 15)