Vulnerability Development mailing list archives
Re: (U) Exploiting Poor SNMP Security
From: Kurt Grutzmacher <tkgrutz () EROLS COM>
Date: Mon, 18 Dec 2000 14:06:14 -0500
On Fri, Dec 15, 2000 at 04:14:56AM -0800, Dan Kaminsky wrote:
> > In reference to the recent thread regarding poor SNMP security, does anyone
> > know of a program/application to turn-off/shutdown unwanted/un-necessary
> > running services that use SNMP as its transport agent?
> >
> > Thanks in advance,
> > Dana E Morrow
>
> Dana--
>
> The best method of suppressing arbitrary activity on a host is to install a
> firewall configuration onto it--particularly a configuration
[..good description about ip filtering and the like removed..]

I think Dana's looking for some nice tool that will go around and kill
offending peopl..err..processes that are running over insecure protocols.
Unless the environment is using something that has complete control over
the starting and stopping of apps (like Tivoli or other OS-b0rgin management
systems) then it's a manual thing.

*nix:
    ps -ef | grep snmp
    kill -9 <pid of snmp daemon(s)>
    [remove the snmp daemon programs .. pkgrm, rpm -e, etc...]

windoze:
    [click around 20,000 properties windows to find where snmp is enabled
    and disable it.. stupid guis...]

cisco routers/ios switches:
    no snmp-server community <string> RO
    no snmp-server community <string> RW

everything else:
    rtfm and remove all community strings. verify with snmpset/snmpwalk
    that public/private strings aren't used "by default"

verification and policy:
    Use tools like "nmap -sU -p161 <ip range>" to find rogue snmp listeners
    and get them removed. If policy doesn't work try exploitation... with
    your management's approval of course.

Firewalls and packet filters are a band-aid for poor services, like snmp,
that didn't have security in mind. It's still a VERY good idea to limit the
accessibility of these protos into your network with ingress filtering but
if an attacker gets inside then these services are a problem. If you're
going to go through the trouble to ipf each and every host you might as well
go ahead and kill the un-needed processes.

---
Kurt Grutzmacher - tkgrutz at erols dot com
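
An added example, not part of the original post: a small audit that reads a saved IOS configuration, lists every "snmp-server community" line, flags the public/private defaults, and prints the matching "no snmp-server community <string> RO|RW" removal commands from the message above. The function names and the sample configuration are constructed for illustration; a line with no access keyword is assumed to be read-only.

```python
import re

# Community strings the message singles out as common defaults.
DEFAULT_STRINGS = {"public", "private"}

# Matches active community lines only; "no snmp-server ..." starts with "no".
LINE_RE = re.compile(r"^\s*snmp-server\s+community\s+(\S+)(.*)$", re.IGNORECASE)


def audit_config(text):
    """Return one finding per active 'snmp-server community' line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        community = m.group(1)
        rest = m.group(2).split()
        # Assumption: no RO/RW keyword on the line means read-only.
        access = "RW" if any(t.upper() == "RW" for t in rest) else "RO"
        findings.append({
            "line": lineno,
            "community": community,
            "access": access,
            "default_string": community.lower() in DEFAULT_STRINGS,
            # Removal command in the form given in the message.
            "remove": f"no snmp-server community {community} {access}",
        })
    return findings


def removal_commands(text, defaults_only=False):
    """Removal commands for every community, or only the default strings."""
    return [f["remove"] for f in audit_config(text)
            if f["default_string"] or not defaults_only]


# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
hostname lab-rtr1
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-Mon1tor RO 10
no snmp-server community oldstring RO
snmp-server location rack 4
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE):
        tag = "DEFAULT" if f["default_string"] else "review"
        print(f"line {f['line']}: {f['community']} ({f['access']}) [{tag}]")
    print("\n".join(removal_commands(SAMPLE)))
```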