Security Basics mailing list archives
RE: How to exploit snmp
From: "Clement Dupuis" <cdupuis () cccure org>
Date: Thu, 21 Jul 2005 18:48:39 -0400
Good day Kevin,

The great thing about SNMP is the fact that it allows you to query the remote host and get tons of information about that host. If it is a Windows host, for example, you could see what patches have been applied, when the computer was last rebooted, how many interfaces there are on the box, what routing is in place, etc... etc... etc...

What you wish to do now is to use a tool such as SNMPwalk or SolarWinds SNMP walk (commercial, but there is a 30 demo available) or the freeware from the supplemental tools for Windows. Any of these tools can help you milk the information from the remote host. If a host has not been rebooted for months, you know that no patch has been applied for months as well.

Other issues are that it uses UDP, which can be spoofed. It is a nice way to create havoc within a network. It also sends the community string in clear text, so if you have the ability to sniff, even if you change it to a hard-to-guess string, it could still be gathered.

If you use SNMP V3, then you have more security features that you could use to better protect; however, very few people are using V3 across the board.

Take care

Clement

Clément Dupuis, CD
President/Security Evangelist/Chief Learning Officer (CLO)
CCCure Enterprise Security & Training Inc.
CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE
Tel: 954 364 8410 (Florida)
Tel: 514 907 1671 (Montreal)
Tel: 418 907 0263 (Quebec)
Fax: 636 773 6328
Maintainer of:
The CISSP and SSCP Open Study Guides Web Site http://www.cccure.org
The Professional Security Testers Warehouse http://www.professionalsecuritytesters.org
-----Original Message-----
From: Kevin Wood [mailto:kwood () exchangesolutions com]
Sent: Thursday, July 21, 2005 9:28 AM
To: Juan B; security-basics () securityfocus com
Subject: RE: How to exploit snmp

By default the community string is set to public. It is generally considered to be a bad idea to leave the community name set to public because it allows people to query using SNMP and get information about your server. You should change the name and, if possible, have a change process in place that changes the community name once in a while.

-----Original Message-----
From: Juan B [mailto:juanbabi () yahoo com]
Sent: July 18, 2005 12:15 PM
To: security-basics () securityfocus com
Subject: How to exploit snmp

Hi,

Using Nessus I found that one of the machines in the network, maybe an ADSL router, has the SNMP community private or public. Nessus also referred to CVE: CAN-1991-0517, CAN 1991-0186, CAN 1999-0254, CAN 1999-0516; BID 11237, 10576, 117, 2112, 6825, 7212, 7317, 9681, 986; other references: IAVA-2001-B-001.

How, according to the Nessus output, do I find an exploit? I want to see for myself why private/public community names are not good. I am using Whoppix; how can I find exploits there?

Thanks very much.

Juan

I tried to find with ./find-sploits exploits for SNMP but don't know which to use.

Thanks very much.

Juan
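The two defensive points raised in the thread (SNMPv1/v2c send the community string in clear text, and the default names public/private are trivially recognisable on the wire) can be checked mechanically on captured traffic. The following Python is an added example written for this archive page, not code from any of the posters: a minimal BER parser for the SNMP message header plus an audit function, run over hand-constructed sample datagrams (the packet bytes, the sysUpTime OID and the community names are assumptions, not values from the thread).

```python
"""Audit SNMP v1/v2c datagrams for clear-text and default community strings (constructed example)."""

DEFAULT_COMMUNITIES = {"public", "private"}  # the defaults the thread is about

def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    """Read one BER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of length octets that follow
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_snmp_header(packet: bytes) -> tuple[int, str]:
    """Return (version, community); version 0 = v1, 1 = v2c, 3 = v3 (no community)."""
    tag, body, _ = _read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must start with a BER SEQUENCE")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("expected INTEGER version")
    version = int.from_bytes(ver, "big")
    if version == 3:  # SNMPv3 carries USM security parameters instead of a community
        return version, ""
    tag, community, _ = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("expected OCTET STRING community")
    return version, community.decode("latin-1")

def audit_packet(packet: bytes) -> list[str]:
    """Findings a sniffer or IDS rule would raise for one captured SNMP datagram."""
    version, community = parse_snmp_header(packet)
    findings = []
    if version < 3:
        name = "SNMPv1" if version == 0 else "SNMPv2c"
        findings.append(f"{name}: community '{community}' sent in clear text")
    if community in DEFAULT_COMMUNITIES:
        findings.append(f"default community string '{community}' in use")
    return findings

# Constructed SNMPv1 GetRequest for sysUpTime.0 (1.3.6.1.2.1.1.3.0), community "public".
SNMPV1_GET = bytes.fromhex(
    "3026" "020100" "04067075626c6963"           # SEQUENCE(38), version 0, "public"
    "a019" "020101" "020100" "020100"            # GetRequest(25), request-id, error-status, error-index
    "300e" "300c" "06082b06010201010300" "0500"  # VarBindList, VarBind, OID, NULL
)
# Same field lengths, so swapping in version 1 and a six-byte non-default community keeps it valid.
SNMPV2C_GET = SNMPV1_GET.replace(b"\x02\x01\x00\x04\x06public", b"\x02\x01\x01\x04\x06s3cret")
SNMPV3_HEADER = bytes.fromhex("3003020103")  # constructed v3 message cut after the version field
```

Feeding real captures through audit_packet (one UDP payload at a time) flags exactly the two conditions Clement and Kevin describe, and stays silent for SNMPv3 traffic.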
Current thread:
- How to exploit snmp Juan B (Jul 20)
- Re: How to exploit snmp Leif Ericksen (Jul 21)
- <Possible follow-ups>
- RE: How to exploit snmp Kevin Wood (Jul 21)
- RE: How to exploit snmp Clement Dupuis (Jul 22)