Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: new SNMP vuln?

From: Arthur Donkers <arthur () reseau nl>
Date: Tue, 12 Feb 2002 21:55:29 +0100 (CET)
On Tue, 12 Feb 2002, jason wrote:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.cert.org/advisories/CA-2002-03.html


This is de URL of the Uni from Finland that started it all:

http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html

read and weep....

grtz,

Arthur



- ----- Original Message -----
From: "H C" <keydet89 () yahoo com>
To: "Gary Golomb" <gee_two () yahoo com>;
<incidents () lists securityfocus com>
Sent: Thursday, February 07, 2002 3:06 PM
Subject: Re: new SNMP vuln?



Gary,

Not too much technical detail, but I would think that
this relates back to failing to change the default
community strings.  If this is in fact the case, it
really isn't anything new.



--- Gary Golomb <gee_two () yahoo com> wrote:


Hello all!

This is the third time in the past 24 hours I have
heard about this from
*completely* different sources, but cannot find
anything on it. Does anyone
here have additional details? Have any of the
up-and-running honeypots seen
anything?

Thank you in advance!

-gary



I got a call from one of my customers last night

who just

returned from a
North American Network Operators' Group (NANOG)

security conference.

Apparently, a tool was written in a university in

Finland

that exploits
SNMP vulnerabilities.  One of the many things it

does is send

1 packet to a
router that disables the router.

The tool was removed from several web sites in

order to give vendors a

chance to react--but you know how that goes.

Whether it is

in the wild now
or not, is not the pressing issue.  The issue is

that it will be soon.


It was explained that it was tested on a Cisco and

Nortel

router and proven
effective.  They are already working on a fix.  I

was

informed that they
tried to call some guy named "Henry Fiallo" to

inform us as well.





Gary Golomb
Research Engineer, Intrusion Detection
Enterasys Networks
7160 Columbia Gateway Dr, #201
Columbia, MD 21044
Phone:  410-312-3194 x223
FAX:    410-312-4840
Email:  ggolomb () enterasys com
www:    http://www.enterasys.com/ids/

__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com



--------------------------------------------------------------------
--------

This list is provided by the SecurityFocus ARIS
analyzer service.
For more information on this free incident handling,
management
and tracking system please see:
http://aris.securityfocus.com




__________________________________________________
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com

--------------------------------------------------------------------
-------- This list is provided by the SecurityFocus ARIS analyzer
service.
For more information on this free incident handling, management

and tracking system please see: http://aris.securityfocus.com

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPGlwSlL3u0OElmjPEQKNWgCg7laRBqP0sQfd3dNgl8kKMe0rN50AoJ8/
eAZGKN5FdtbFYsLzMwXLu5Rf
=Ccfb
-----END PGP SIGNATURE-----



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: