Re: Warning: Cisco RW community backdoor.

[owen () dixon delong sj ca us (Owen DeLong)]

It applies to 12.0 and later, so testing it on an 11.x router doesn't
help.

Owen

> It appears that 2500 are not affected.
>
> The fix below doesn't work on 11.1 and 11.2 , you have to turn snmp off by
> the looks.
>
> have fun.
>
> ----- Forwarded message from "James A. T. Rice" <jamesr () rd bbc co uk> -----
>
> Date: Tue, 27 Feb 2001 00:39:38 +0000 (GMT)
> From: "James A. T. Rice" <jamesr () rd bbc co uk>
> X-Sender:  <jamesr@inet15>
> To: <members () lonap net>, <ops () linx net>
> Subject: Warning: Cisco RW community backdoor.
> Precedence: bulk
>
> If your router responds to `snmpwalk router.isp.net.uk ILMI`, you
> probabally will want to do the following to disable it:
>    conf t
>    snmp-server community ILMI RO 99
>    access-list 99 deny any log
> (pick another spare access-list if 99 isn't available)
>
> If you dont, assuming your ios/hardware combination supports it,
> (most of the bigger routers do) anyone can do things like:
>           `snmpset router.isp.net.uk ILMI system.sysName.0 s \
>           "ALL YOUR ROUTER ARE BELONG TO US."`
> Thats a harmless example. You can do almost anything with RW snmp.
>
> Warm Regards
> James
>
> -- 
> James A. T. Rice             | Email: jamesr () rd bbc co uk
> Internet Operations Engineer | Phone: 01737 839 737
> BBC Internet Services, Kingswood Warren, Tadworth, Surrey, UK.
>
> ----- End forwarded message -----
> ---------
> To unsubscribe from nznog, send email to majordomo () list waikato ac nz
> where the body of your message reads:
> unsubscribe nznog