nanog mailing list archives
Re: Warning: Cisco RW community backdoor.
From: owen () dixon delong sj ca us (Owen DeLong)
Date: Tue, 27 Feb 2001 08:48:08 -0800
It applies to 12.0 and later, so testing it on an 11.x router doesn't help. Owen
It appears that 2500 are not affected. The fix below doesn't work on 11.1 and 11.2 , you have to turn snmp off by the looks. have fun. ----- Forwarded message from "James A. T. Rice" <jamesr () rd bbc co uk> ----- Date: Tue, 27 Feb 2001 00:39:38 +0000 (GMT) From: "James A. T. Rice" <jamesr () rd bbc co uk> X-Sender: <jamesr@inet15> To: <members () lonap net>, <ops () linx net> Subject: Warning: Cisco RW community backdoor. Precedence: bulk If your router responds to `snmpwalk router.isp.net.uk ILMI`, you probabally will want to do the following to disable it: conf t snmp-server community ILMI RO 99 access-list 99 deny any log (pick another spare access-list if 99 isn't available) If you dont, assuming your ios/hardware combination supports it, (most of the bigger routers do) anyone can do things like: `snmpset router.isp.net.uk ILMI system.sysName.0 s \ "ALL YOUR ROUTER ARE BELONG TO US."` Thats a harmless example. You can do almost anything with RW snmp. Warm Regards James -- James A. T. Rice | Email: jamesr () rd bbc co uk Internet Operations Engineer | Phone: 01737 839 737 BBC Internet Services, Kingswood Warren, Tadworth, Surrey, UK. ----- End forwarded message ----- --------- To unsubscribe from nznog, send email to majordomo () list waikato ac nz where the body of your message reads: unsubscribe nznog
Current thread:
- Re: Warning: Cisco RW community backdoor., (continued)
- Re: Warning: Cisco RW community backdoor. David Schwartz (Feb 26)
- Re: Warning: Cisco RW community backdoor. John Fraizer (Feb 26)
- Re: Warning: Cisco RW community backdoor. Eric Germann (Feb 26)
- Re: Warning: Cisco RW community backdoor. jlewis (Feb 27)
- Re: Warning: Cisco RW community backdoor. Dan Hollis (Feb 27)
- Re: Warning: Cisco RW community backdoor. Omachonu Ogali (Feb 26)
- Re: Warning: Cisco RW community backdoor. John Fraizer (Feb 26)
- RE: Warning: Cisco RW community backdoor. Chris Hallman (Feb 26)