nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Warning: Cisco RW community backdoor.

From: Omachonu Ogali <missnglnk () informationwave net>
Date: Mon, 26 Feb 2001 23:37:07 -0500

On Mon, Feb 26, 2001 at 11:06:42PM -0500, John Fraizer wrote:


On 26 Feb 2001, Sean Donelan wrote:



It appears more than one vendor shared the same SNMP library (or
SNMP programmer).  Folks have sent me evidence at least two other
vendor's equipment has similar responses to the same SNMP community
string ILMI.

However, there are other non-related SNMP issues.  Many SNMP
implementations included the default community strings "public"
and "private".  If the operator doesn't change them, the defaults
may still work.  The other common SNMP implementation issue is if
no community string is specified, the SNMP agent accepts any
community string.

If you are checking your network, I'd suggest checking for all
three possibilities.





IMHO, if no communities are supplied, the SNMP daemon should not respond
at all.

While I agree that "public" and "private" are "wellknowns," in most
implementations, they at least show up in the code.  Cisco chose to hide
this one where it would not show up in the code.  That IMHO is a very bad
thing and does bad things to my confidence level in Cisco.


Please, stop the damn FUD, how do you know it wasn't accidentally left
in by a programmer doing debugging? I bet you assume all buffer overflows
are purposely put in also, eh? Sure. I expect it to cut back on your
confidence in Cisco IOS, but also, what's this noise about code? Do you 
happen to have a hold on IOS source code or something that you personally
audit?


---
John Fraizer
EnterZone, Inc





-- 
Omachonu Ogali
missnglnk () informationwave net
http://www.informationwave.net
Previous By Date Next
Previous By Thread Next

Current thread: