Full Disclosure mailing list archives
Re: SNMP read-only opens up... what?
From: peter moody <peter () ucsc edu>
Date: 04 Jun 2003 12:10:56 -0700
you could get the product type, version information etc from certain mibs. you could tell how busy the site is, and from that infer how big a pipe you've got. There's a lot more. I would snmp-walk the device and find out what it tells you. but I've got to ask, why would you make this information available at all? On Wed, 2003-06-04 at 10:44, lee.e.rian () census gov wrote:
Say I configure a router with a read-only SNMP community of "public" and make it Internet accessible. What vulnerabilities or information disclosure does that open up that would be better left closed? A switch? Thanks, Lee
-- Peter Moody <peter () ucsc edu> InfoSec Administrator 831/459.5409 Communications and Technology Services. http://mustard.ucsc.edu/pubkey UC, Santa Cruz. :wq
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- SNMP read-only opens up... what? lee . e . rian (Jun 04)
- Re: SNMP read-only opens up... what? peter moody (Jun 04)
- Re: SNMP read-only opens up... what? Thomas Cannon (Jun 04)
- <Possible follow-ups>
- Re: SNMP read-only opens up... what? Jason Stout (Jun 04)
- Re: SNMP read-only opens up... what? lee . e . rian (Jun 04)
- RE: SNMP read-only opens up... what? Full-Disclosure (Jun 05)