Bugtraq mailing list archives

Re: Network Security and Privacy


From: gdead () SHMOO COM (B Potter)
Date: Wed, 19 Apr 2000 17:22:44 -0800


Howdy,
This is not a vulnerability so much as a bad security practice.  It's
akin to leaving your password file (with hashes) in your ftp /etc
dir or anonymous ftp server....  or allowing a zone to be pulled from
your nameserver.  It can easily be locked down, many folks don't do it
though (then again, a lot do, and they have many pagers that will go off
when you try and hit SNMP/pull zone/etc...)

--- Start of pdox.pl ---

$hostname  = $ARGV[0];
$ip_were_hunting = $ARGV[1];
$community = $ARGV[2] || 'public';
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If they haven't changed their community string from public and/or
blocked unwanted SNMP, that's their own neglect, not a security "hole".
When you deploy a system you lock down the OS, remove unwanted services,
etc.  Some admins choose not to do that or are too lazy.  The same goes
for network hardware.  They may have an "appliance"-like look-and-feel,
but they are not bulletproof out of the box.  They have their own
security requirements that the admins must understand and deal with.
If they don't, they will run into the same problems as an unsecured
end host.

Machines shipping with SNMP communities of "public" and "private" are
inherently insecure (like a default shipment of NT).  Most vendors
supply docs that say, to the effect, change the strings now or you're
in a world of hurt.  Some, unfortunately, don't educate the end user
in this matter.
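As an added illustration of the lock-down the two paragraphs above describe (not part of the original post), here is a small audit script that reads an IOS-style configuration and flags community lines that still use the vendor defaults, grant read-write access, or lack an access-list limiting which managers may poll the device. The configuration text, the device name and the access-list number are constructed for the example.

```python
import re

# Constructed IOS-style configuration fragment for a hypothetical device; it
# is not taken from the original post and deliberately shows the weak defaults.
SAMPLE_CONFIG = """\
hostname edge-rtr-1
access-list 10 permit 192.0.2.10
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-m0n1t0r RO 10
"""

# Vendor-default strings the post calls "inherently insecure".
DEFAULT_COMMUNITIES = {"public", "private"}

# Matches the simple form: snmp-server community <string> [RO|RW] [acl]
COMMUNITY_RE = re.compile(
    r"^snmp-server\s+community\s+(\S+)(?:\s+(RO|RW))?(?:\s+(\S+))?\s*$", re.I
)


def audit_snmp_communities(config: str) -> list:
    """Return one finding per community line; 'problems' is empty if it is sane."""
    findings = []
    for raw in config.splitlines():
        m = COMMUNITY_RE.match(raw.strip())
        if not m:
            continue
        name, mode, acl = m.group(1), (m.group(2) or "RO").upper(), m.group(3)
        problems = []
        if name.lower() in DEFAULT_COMMUNITIES:
            problems.append("vendor-default community string")
        if acl is None:
            problems.append("no access-list limiting SNMP managers")
        if mode == "RW":
            problems.append("read-write community (allows configuration changes)")
        findings.append({"community": name, "mode": mode, "acl": acl, "problems": problems})
    return findings


def weak_communities(config: str) -> list:
    """Names of the community strings that need attention."""
    return [f["community"] for f in audit_snmp_communities(config) if f["problems"]]


if __name__ == "__main__":
    for f in audit_snmp_communities(SAMPLE_CONFIG):
        status = "; ".join(f["problems"]) or "ok"
        print(f"{f['community']:<14} {f['mode']} acl={f['acl']}: {status}")
```

Running it against a saved configuration dump is a quick way to confirm the defaults were actually changed and an access-list was applied before a box goes on the wire.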

Lastly, having an SNMP string of "public" not only reveals customer
info, it can reveal passwords, network architecture, trusted hosts..
anything that would be found in a config or statistics from a network
device.  If a malicious user was going through the trouble (and risk)
of probing SNMP on a box, there are better targets than the end
user...  the ISP for example

later

bruce

