Vulnerability Development mailing list archives

Re: Help with Protos tool output interpretation


From: Eric Brandwine <ericb () UU NET>
Date: 22 Feb 2002 00:15:55 +0000

"rp" == Reidy, Patrick <Patrick.Reidy () veritect com> writes:

rp> Quick question for any protos users out there, all others can
rp> ignore: Running the protos tool in the lab and watching the output
rp> I don't see an easily understandable way to map the results to the
rp> exact string that caused the given targeted device to go paws up.
rp> Is it the case that any device that responds to a given string
rp> when using the -showreply option is vulnerable to that given
rp> string?

This is only possible when working on a device for which your queries
are valid.  In this case, that means that 'public' is a valid query
string, and your test box is within any of the device's ACLs.

Run the testsuite -zerocase.  This will send packet 0 between each
attack packet.  Packet 0 is a valid query packet, and will generate a
valid response.  The tool will wait for this response before sending
the next attack packet.

This is not possible if you are testing either or both of invalid
community string/invalid IP addr.  Also, this is not possible for trap
testing.

Furthermore, we found several devices that had no SNMP specific
vulnerabilities.  But some of the attack packets are quite large, and
these devices would crash upon receiving one of these huge fragmented
packets.

ericb
-- 
Eric Brandwine     |  A great many people think they are thinking when they
UUNetwork Security |  are merely rearranging their prejudices.
ericb () uu net       |
+1 703 886 6038    |      - William James
Key fingerprint = 3A39 2C2F D5A0 FC7C  5F60 4118 A84A BD5D  59D7 4E3E
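
Added example (not part of the original message and not code from the PROTOS test suite): the interleaving described above for -zerocase, where a valid query follows every test case and the first unanswered query identifies the case that stopped the device. SimulatedDevice, first_failing_case and the placeholder payloads are constructed for illustration, and the device is simulated in-process.

```python
from typing import Callable, Iterable, Optional, Tuple


class SimulatedDevice:
    """Constructed stand-in for a lab device; no network traffic is involved."""

    def __init__(self, fatal_case: Optional[int], accepts_probe: bool = True):
        self.fatal_case = fatal_case        # case index after which it stops answering
        self.accepts_probe = accepts_probe  # False models a wrong community string or ACL
        self.alive = True

    def send_case(self, index: int, payload: bytes) -> None:
        if self.alive and index == self.fatal_case:
            self.alive = False              # device hangs; later probes get no reply

    def probe(self) -> bool:
        """Valid query in the role of packet 0; True if a reply arrived."""
        return self.alive and self.accepts_probe


def first_failing_case(
    cases: Iterable[Tuple[int, bytes]],
    send_case: Callable[[int, bytes], None],
    probe: Callable[[], bool],
) -> Optional[int]:
    """Return the index of the first case after which the valid probe goes unanswered."""
    # Without an answered baseline probe, silence cannot be attributed to any case.
    if not probe():
        raise RuntimeError("baseline probe unanswered; check community string and ACLs")
    for index, payload in cases:
        send_case(index, payload)
        if not probe():                     # wait for the valid reply before moving on
            return index
    return None                             # device answered after every case


if __name__ == "__main__":
    # Constructed placeholder payloads; real test-suite packets are not reproduced here.
    cases = [(i, b"case-%d" % i) for i in range(1, 6)]
    device = SimulatedDevice(fatal_case=3)
    print("first failing case:", first_failing_case(cases, device.send_case, device.probe))
```

The baseline check mirrors the caveat in the reply: with an invalid community string or source address the probe never answers, so no result can be mapped to a test case.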

