Security Incidents mailing list archives
Re: Trojan attacking our switches
From: Mike Hoskins <mike () adept org>
Date: Fri, 21 Mar 2003 12:21:59 -0800 (PST)
On Thu, 20 Mar 2003, Charles Polisher wrote:
> Search of CVE and securityfocus and googling did not turn up adequate information. Anyone seen this beast?
wrt SNMP vulnerabilities (seems relevant): http://www.cert.org/advisories/CA-2002-03.html
> Telnetting into our HP Procurve 2524 switch shows an ongoing attempt to brute-force the SNMP community (public, of course). HP apparently does not provide a method for disabling SNMP, and we're going to have to visit all 93 switches in person to set a strong password -- yes, it had been left blank!
SNMP should be sent to a VLAN/management interface. Can you ACL the interface to only allow SNMP from trusted hosts? Also, I assume you only allow telnet from your management network.
-mrh
Current thread:
- Trojan attacking our switches Charles Polisher (Mar 21)
- Re: Trojan attacking our switches dreamwvr () dreamwvr com (Mar 21)
- Re: Trojan attacking our switches Mike Hoskins (Mar 21)
- Re: Trojan attacking our switches Kris Saw (Mar 22)