Bugtraq mailing list archives
Re: Network Security and Privacy
From: gdead () SHMOO COM (B Potter)
Date: Wed, 19 Apr 2000 17:22:44 -0800
Howdy,

This is not a vulnerability so much as a bad security practice. It's akin to leaving your password file (with hashes) in your ftp /etc dir or anonymous ftp server.... or allowing a zone to be pulled from your nameserver. It can easily be locked down, many folks don't do it tho (then again, a lot do, and they have many pagers that will go off when you try and hit SNMP/pull zone/etc...)
--- Start of pdox.pl ---
$hostname = @ARGV[0]; $ip_were_hunting = @ARGV[1]; $community = @ARGV[2] || 'public';
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If they haven't changed their community string from public and/or blocked unwanted SNMP, that's their own neglect, not a security "hole".

When you deploy a system you lock down the OS, remove unwanted services, etc. Some admins choose not to do that or are too lazy. The same goes for network hardware. They may have "appliance" like look-and-feel, but they are not bulletproof out of the box. They have their own security requirements that the admins must understand and deal with. If they don't, they will run into the same problems as an unsecured end host.

Machines shipping with SNMP communities of "public" and "private" are inherently insecure (like a default shipment of NT). Most vendors supply docs that say, to the effect, change the strings now or you're in a world of hurt. Some, unfortunately, don't educate the end user in this matter.

Lastly, having an SNMP string of "public" not only reveals customer info, it can reveal passwords, network architecture, trusted hosts.. anything that would be found in a config or statistics from a network device. If a malicious user was going through the trouble (and risk) of probing SNMP on a box, there are better targets than the end user... the ISP for example

later
bruce
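The lock-down the post asks for can be checked from configuration before a device is deployed. The following is an added example, not part of the original post or of pdox.pl: a small auditor that flags default community strings, missing source restrictions and read-write access. It assumes net-snmp style `rocommunity`/`rwcommunity` lines and Cisco IOS style `snmp-server community` lines; the sample config and its community names are constructed.

```python
DEFAULT_COMMUNITIES = {"public", "private"}  # the vendor defaults named in the post

# Constructed sample config (not from a real device): net-snmp, then Cisco IOS style.
SAMPLE_CONFIG = """\
rocommunity public
rwcommunity private default
rocommunity k7Qz-monitoring 192.0.2.10
snmp-server community public RO
snmp-server community Zx9-nms-only RO 10
snmp-server community private RW
"""

def parse_line(line):
    """Return (community, access, restricted), or None if not a community line."""
    tok = line.split()
    low = [t.lower() for t in tok]
    if len(tok) >= 2 and low[0] in ("rocommunity", "rwcommunity"):
        source = low[2] if len(tok) > 2 else "default"  # "default" = any source
        return tok[1], low[0][:2], source != "default"  # first two letters: ro/rw
    if len(tok) >= 3 and low[:2] == ["snmp-server", "community"]:
        rest = low[3:]
        if "view" in rest:  # drop "view NAME"; a view is not a source ACL
            i = rest.index("view")
            del rest[i:i + 2]
        acl = [t for t in rest if t not in ("ro", "rw")]
        return tok[2], "rw" if "rw" in rest else "ro", bool(acl)
    return None

def audit(config_text):
    """Return [(line_number, [issues])] for risky community definitions."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        parsed = parse_line(line)
        if parsed is None:
            continue
        community, access, restricted = parsed
        issues = [msg for hit, msg in (
            (community.lower() in DEFAULT_COMMUNITIES, "default community string"),
            (not restricted, "no source restriction"),
            (access == "rw", "read-write access")) if hit]
        if issues:
            findings.append((lineno, issues))
    return findings

if __name__ == "__main__":
    for lineno, issues in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {'; '.join(issues)}")
```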