Security Incidents mailing list archives
Re: new SNMP vuln?
From: "jason" <jpotopa () qwest net>
Date: Tue, 12 Feb 2002 13:43:07 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://www.cert.org/advisories/CA-2002-03.html - ----- Original Message ----- From: "H C" <keydet89 () yahoo com> To: "Gary Golomb" <gee_two () yahoo com>; <incidents () lists securityfocus com> Sent: Thursday, February 07, 2002 3:06 PM Subject: Re: new SNMP vuln?
Gary, Not too much technical detail, but I would think that this relates back to failing to change the default community strings. If this is in fact the case, it really isn't anything new. --- Gary Golomb <gee_two () yahoo com> wrote:Hello all! This is the third time in the past 24 hours I have heard about this from *completely* different sources, but cannot find anything on it. Does anyone here have additional details? Have any of the up-and-running honeypots seen anything? Thank you in advance! -garyI got a call from one of my customers last nightwho justreturned from a North American Network Operators' Group (NANOG)security conference.Apparently, a tool was written in a university inFinlandthat exploits SNMP vulnerabilities. One of the many things itdoes is send1 packet to a router that disables the router. The tool was removed from several web sites inorder to give vendors achance to react--but you know how that goes.Whether it isin the wild now or not, is not the pressing issue. The issue isthat it will be soon.It was explained that it was tested on a Cisco andNortelrouter and proven effective. They are already working on a fix. Iwasinformed that they tried to call some guy named "Henry Fiallo" toinform us as well.Gary Golomb Research Engineer, Intrusion Detection Enterasys Networks 7160 Columbia Gateway Dr, #201 Columbia, MD 21044 Phone: 410-312-3194 x223 FAX: 410-312-4840 Email: ggolomb () enterasys com www: http://www.enterasys.com/ids/ __________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com-------------------------------------------------------------------- --------This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com__________________________________________________ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com -------------------------------------------------------------------- -------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPGlwSlL3u0OElmjPEQKNWgCg7laRBqP0sQfd3dNgl8kKMe0rN50AoJ8/ eAZGKN5FdtbFYsLzMwXLu5Rf =Ccfb -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- new SNMP vuln? Gary Golomb (Feb 07)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
- Re: new SNMP vuln? James (Feb 07)
- Re: new SNMP vuln? H C (Feb 07)
- Re: new SNMP vuln? jason (Feb 12)
- Re: new SNMP vuln? Arthur Donkers (Feb 12)
- SNMP vulnerability test? Davis Ray Sickmon, Jr (Feb 12)
- Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
- Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
- Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
- Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
- Re: SNMP vulnerability test? Chris Ess (Feb 13)
- Re: new SNMP vuln? jason (Feb 12)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
- <Possible follow-ups>
- RE: new SNMP vuln? Rob Keown (Feb 12)
- Re: new SNMP vuln? Patrick Oonk (Feb 12)