Security Incidents mailing list archives
Re: SNMP vulnerability test?
From: Chris Ess <azarin () tokimi net>
Date: Wed, 13 Feb 2002 16:08:11 -0500 (EST)
Win2k Server does install and listen on snmpv1, public by default (at least our CDs of it do). I have no idea how or why it was enabled, but a little quick scanning turned up some scary results.Thrills. Can anybody confirm this? Does Eric have wonky install CDs, or was the Microsoft portion of the CERT advisory incorrect?
This is what I've noticed from doing Windows 2000 Server installs on my company's set of CDs: The SNMP service is not installed by default. You have to manually select it during installation (Network Management Tools -> Simple Network Management Protocol iirc). However, if you opt to install it, then it will be nice, bright, happy, and live when the system boots. And with the default community of 'public'. Now, an interesting question is: How many OEM installs of Windows 2000 have SNMP enabled by default? Hopefully not very many... --- Chris Ess System Administrator / CDTT ( Certified Duct Tape Technician) ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: new SNMP vuln?, (continued)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
- Re: new SNMP vuln? James (Feb 07)
- Re: new SNMP vuln? H C (Feb 07)
- Re: new SNMP vuln? jason (Feb 12)
- Re: new SNMP vuln? Arthur Donkers (Feb 12)
- SNMP vulnerability test? Davis Ray Sickmon, Jr (Feb 12)
- Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
- Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
- Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
- Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
- Re: SNMP vulnerability test? Chris Ess (Feb 13)
- Re: new SNMP vuln? jason (Feb 12)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
- Re: new SNMP vuln? Patrick Oonk (Feb 12)