RE: How to exploit snmp

["Kevin Wood" <kwood () exchangesolutions com>]

By default the community string is set to public..It is generally
considered to be a bad idea to leave the community name set to public
because it allow people to query using snmp and get information about
your server..You should change the name and if possible have a change
processes in place that changes the community name once in a while..

-----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com] 
Sent: July 18, 2005 12:15 PM
To: security-basics () securityfocus com
Subject: How to exploit snmp 

 HI
using nessus I found that one of the machines in the network. maybe an
ADSL router has the snmp community private or public. nessus also
reffered to CVE:
CAN-1991-0517,CAN 1991-0186,CAN 1999-0254,CAN
1999-0516
BID 11237,10576,117,2112,6825,7212,7317,9681,986
other references: IAVA-2001-B-001

How according to  nessus output I find an exploit? I want to see for my
self why private/public community names are not good.

I am using Whoppix how I can find expolits there?

thanks very much.
Juan



I tried to find with the ./find-sploits exploits for snmp but dont know
which to use.

thanks very much.

Juan

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com