Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Router worm exploiting poor SNMP security.

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Thu, 14 Dec 2000 12:29:00 -0500
On Wed, 13 Dec 2000, M ixter wrote:

[after an inquiry about an snmp worm]


That's certainly an interesting thought... I routinely find
default communities in routers during penetration tests, and
the problem is much more widespread than many people think.


presumably you'd be using snmpset, right, to maliciously infect? why not
consider TFTP transfers of boot images to various routers, too, to spread.
since TFTP is never authenticated, it should be trivial to spoof the TFTP
server. i know that quite a number of popular routers are capable of TFTP,
is it still in wide use in the wild (i don't work on other people's
routers).

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Previous By Date Next
Previous By Thread Next

Current thread: