new SNMP vuln?

[Gary Golomb <gee_two () yahoo com>]

Hello all!

This is the third time in the past 24 hours I have heard about this from
*completely* different sources, but cannot find anything on it. Does anyone
here have additional details? Have any of the up-and-running honeypots seen
anything?

Thank you in advance!

-gary


> I got a call from one of my customers last night who just 
> returned from a
> North American Network Operators' Group (NANOG) security conference.
> Apparently, a tool was written in a university in Finland 
> that exploits
> SNMP vulnerabilities.  One of the many things it does is send 
> 1 packet to a
> router that disables the router.
>
> The tool was removed from several web sites in order to give vendors a
> chance to react--but you know how that goes.  Whether it is 
> in the wild now
> or not, is not the pressing issue.  The issue is that it will be soon.
>
> It was explained that it was tested on a Cisco and Nortel 
> router and proven
> effective.  They are already working on a fix.  I was 
> informed that they
> tried to call some guy named "Henry Fiallo" to inform us as well. 
 

Gary Golomb
Research Engineer, Intrusion Detection 
Enterasys Networks
7160 Columbia Gateway Dr, #201
Columbia, MD 21044
Phone:  410-312-3194 x223
FAX:    410-312-4840 
Email:  ggolomb () enterasys com 
www:    http://www.enterasys.com/ids/

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com