Vulnerability Development mailing list archives
Re: Router worm exploiting poor SNMP security.
From: Sebastien Barbereau <sebastien.barbereau () FR EASYNET NET>
Date: Thu, 14 Dec 2000 16:53:08 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-----Message d'origine----- De : VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM] from Mixter Envoyé : mercredi 13 décembre 2000 10:12 À : VULN-DEV () SECURITYFOCUS COM Objet : Re: Router worm exploiting poor SNMP security. That's certainly an interesting thought... I routinely find default communities in routers during penetration tests, and the problem is much more widespread than many people think.Two questions: Can anyone tell me any reason why this can't work?I base this upon my knowledge of Nortel routers and BayRS. Is there any reason why simular procedure can't work with Cisco?Brute forcing snmp with a .c program or shell script is easy, but if you have different routers, a list of what scripts, commands or languages will work on which router are necessary. I know that most Cisco's can run tcl scripts, for example, and how to replace snmp settings, but that's about it. There were rumours
In fact there is some scripting language called TCL on cisco routers but it's only used on some voice-router (for example AS5800) and not wide spread.
of a snmpd exploit that can execute remote commands, but I'm not sure, are MIB's even supposed to contain executable stuff? If there's this
Of course you can execute some commands remotely on cisco routers if you have the write community of the router. This is mostly used to download configurations to tftp servers or remotely restarts a router without having to login. For example: http://www.cisco.com/warp/public/477/21.html But I don't thing that one may use this to create a virus or trojan.
possibility for routers, does anyone have some comprehensible information on SNMP implementation on routers, command execution, etc.?
I'd suggest you go to www.cisco.com there you'll surely find what you a looking for concerning SNMP implementations and usage. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOjjexXMEbPkbj2omEQJWXACgmELlgH12y7Mur9oLRgDf+Awdj2QAoOtp mSmXbjP/UMNprEqgadd8YAU4 =X0lf -----END PGP SIGNATURE-----
Current thread:
- Re: Router worm exploiting poor SNMP security., (continued)
- Re: Router worm exploiting poor SNMP security. Ralph Moonen (Dec 15)
- Re: Router worm exploiting poor SNMP security. M ixter (Dec 15)
- Re: Router worm exploiting poor SNMP security. Jose Nazario (Dec 15)
- Re: Router worm exploiting poor SNMP security. Lars Nygård (Dec 15)
- Re: Router worm exploiting poor SNMP security. N Catlow (Dec 15)
- Re: Router worm exploiting poor SNMP security. J Edgar Hoover (Dec 15)
- Re: Router worm exploiting poor SNMP security. Charles C. Lindsay (Dec 16)
- Message not available
- Re: Router worm exploiting poor SNMP security. Ralph Moonen (Dec 17)
- Re: Router worm exploiting poor SNMP security. Joe Shaw (Dec 18)
- Message not available
- SNMP community strings Ralph Moonen (Dec 17)
- Re: Router worm exploiting poor SNMP security. Fyodor (Dec 15)