Vulnerability Development mailing list archives
Re: Router worm exploiting poor SNMP security.
From: Lars Nygård <lars () SNART COM>
Date: Wed, 13 Dec 2000 15:58:16 -0000
Additional information If you know the SNMP read/write community it should be no problem to upload files to Nortel routers. This is done today with Site Manager. I'm guessing this is done by enabling tftp. BayRS has it's own script language, which I believe can be used to write such a worm. What I'm not sure of is if it's possible to send SNMP packets with such a script. The problem would be to execute the script on a remote router. I'm not sure if this is possible. It's however possible to execute ping from a remote router with SNMP (again this can be done with Site Manager). I'm guessing this might makes it possible to find an exploit. Perhaps by modifying the MIB entry wfIcmp.wfIcmpExecute.1. Only guessing here. Anyone out there who got the answers? -Lars Nygård
Current thread:
- Router worm exploiting poor SNMP security. Lars Nygård (Dec 13)
- Re: Router worm exploiting poor SNMP security. J Edgar Hoover (Dec 15)
- Re: Router worm exploiting poor SNMP security. Bill Pennington (Dec 15)
- Re: Router worm exploiting poor SNMP security. Dragos Ruiu (Dec 15)
- Re: Router worm exploiting poor SNMP security. nsc (Dec 15)
- Re: Router worm exploiting poor SNMP security. Lincoln Yeoh (Dec 15)
- Re: Router worm exploiting poor SNMP security. Ralph Moonen (Dec 15)
- <Possible follow-ups>
- Re: Router worm exploiting poor SNMP security. M ixter (Dec 15)
- Re: Router worm exploiting poor SNMP security. Jose Nazario (Dec 15)
- Re: Router worm exploiting poor SNMP security. Lars Nygård (Dec 15)
- Re: Router worm exploiting poor SNMP security. N Catlow (Dec 15)
- Re: Router worm exploiting poor SNMP security. J Edgar Hoover (Dec 15)
- Re: Router worm exploiting poor SNMP security. Charles C. Lindsay (Dec 16)
- Message not available
- Re: Router worm exploiting poor SNMP security. Ralph Moonen (Dec 17)
- Re: Router worm exploiting poor SNMP security. Joe Shaw (Dec 18)
- Message not available
- SNMP community strings Ralph Moonen (Dec 17)
- Re: Router worm exploiting poor SNMP security. Fyodor (Dec 15)