Vulnerability Development mailing list archives

Re: Router worm exploiting poor SNMP security.


From: "Charles C. Lindsay" <lindsay () MAIL TOPLAYER COM>
Date: Fri, 15 Dec 2000 09:38:29 -0500

The only apparent and widely exploitable way to do this is to replace the
firmware. While not trivial, this is doable. Existing firmware already
supports sending SNMP packets, we only need change the data and type.

Assuming of course that the download isn't checked for a crypt sig.
Of course, that means that somewhere in the running code, however
disguised, is a key, and to change keys you have to follow a trail of
firmware updates... you obviously can't depend on being able to access
a "known site" for "known good" sigs...


--
Charles C. Lindsay            TopLayer Networks, Inc.         508-870-1300 x147
lindsay () TopLayer com "Perfecting the Art of Network Security"  508-870-9797 FAX
                     2400 Computer Drive, Westboro, MA  01581
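
Added example, not part of the original message: a Go sketch of the signed-download scheme the reply describes, in which the running firmware embeds the key that checks the next image, so a device still on an old key has to apply the intermediate update before a newer one verifies. The image layout, function names and key labels are assumptions made for illustration, not any vendor's format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Image is a constructed update format (an assumption, not a vendor layout).
type Image struct {
	Body    []byte
	NextKey ed25519.PublicKey // key this firmware embeds to check the update after it
	Sig     []byte            // made with the key embedded in the firmware it replaces
}

func (im Image) signed() []byte { return append(append([]byte{}, im.Body...), im.NextKey...) }

// Apply checks im against the key in the running code; returns the key trusted afterwards.
func Apply(running ed25519.PublicKey, im Image) (ed25519.PublicKey, bool) {
	if len(im.NextKey) == ed25519.PublicKeySize && ed25519.Verify(running, im.signed(), im.Sig) {
		return im.NextKey, true
	}
	return running, false
}

// keypair derives a fixed demo key from a label (constructed; real keys are random).
func keypair(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// build signs body with signer and embeds the public half of next.
func build(body string, signer, next ed25519.PrivateKey) Image {
	im := Image{Body: []byte(body), NextKey: next.Public().(ed25519.PublicKey)}
	im.Sig = ed25519.Sign(signer, im.signed())
	return im
}

// Demo: fw2 rotates key A to B, fw3 is signed by B, bad is signed by an unknown key X.
func Demo() (skip, rogue, step2, step3 bool) {
	a, b, x := keypair("A"), keypair("B"), keypair("X")
	fw2, fw3, bad := build("fw-2", a, b), build("fw-3", b, b), build("fw-x", x, x)
	k := a.Public().(ed25519.PublicKey) // device ships with key A in its code
	k, skip = Apply(k, fw3)             // skipping fw2: fw3 does not verify under A
	k, rogue = Apply(k, bad)            // image not signed by the embedded key
	k, step2 = Apply(k, fw2)            // following the trail: A verifies fw2, key becomes B
	_, step3 = Apply(k, fw3)            // now fw3 verifies under B
	return
}

func main() { fmt.Println(Demo()) }
```

The device never contacts an external site for keys; the only trust anchor is the key already in its running image, which is why the order of updates matters.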

