Full Disclosure mailing list archives

Re: SNMP read-only opens up... what?

From: "Jason Stout" <jasonstout () ringzerosecurity com>
Date: Wed, 04 Jun 2003 12:10:24 -0700 (PDT)

Anything in the mib tree. It depends entirely on what information the
company provides in thier mibs. Standard host information can be found
in the mib-2 tree while vendor specific data which could be almost 
anything will be in the private->enterprises->company tree.

Your best bet is to use a mib walker program to browse from the top and
see whats available. And my advice is too not use public as your
community string.

Regards,
Jason Stout

On Wed, 4 Jun 2003 13:44:04 -0400, lee.e.rian () census gov wrote:


Say I configure a router with a read-only SNMP community of "public" and
make it Internet accessible.  What vulnerabilities or information
disclosure does that open up that would be better left closed?  A switch?

Thanks,
Lee




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

SNMP read-only opens up... what? lee . e . rian (Jun 04)
- Re: SNMP read-only opens up... what? peter moody (Jun 04)
- Re: SNMP read-only opens up... what? Thomas Cannon (Jun 04)
- <Possible follow-ups>
- Re: SNMP read-only opens up... what? Jason Stout (Jun 04)
- Re: SNMP read-only opens up... what? lee . e . rian (Jun 04)
- RE: SNMP read-only opens up... what? Full-Disclosure (Jun 05)