Security Basics mailing list archives
RE: How to exploit snmp
From: "Kevin Wood" <kwood () exchangesolutions com>
Date: Thu, 21 Jul 2005 09:28:13 -0400
By default the community string is set to public..It is generally considered to be a bad idea to leave the community name set to public because it allow people to query using snmp and get information about your server..You should change the name and if possible have a change processes in place that changes the community name once in a while.. -----Original Message----- From: Juan B [mailto:juanbabi () yahoo com] Sent: July 18, 2005 12:15 PM To: security-basics () securityfocus com Subject: How to exploit snmp HI using nessus I found that one of the machines in the network. maybe an ADSL router has the snmp community private or public. nessus also reffered to CVE: CAN-1991-0517,CAN 1991-0186,CAN 1999-0254,CAN 1999-0516 BID 11237,10576,117,2112,6825,7212,7317,9681,986 other references: IAVA-2001-B-001 How according to nessus output I find an exploit? I want to see for my self why private/public community names are not good. I am using Whoppix how I can find expolits there? thanks very much. Juan I tried to find with the ./find-sploits exploits for snmp but dont know which to use. thanks very much. Juan __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Current thread:
- How to exploit snmp Juan B (Jul 20)
- Re: How to exploit snmp Leif Ericksen (Jul 21)
- <Possible follow-ups>
- RE: How to exploit snmp Kevin Wood (Jul 21)
- RE: How to exploit snmp Clement Dupuis (Jul 22)