Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: SNMP vulnerability test?

From: "Ralph Los" <RLos () enteredge com>
Date: Wed, 13 Feb 2002 15:55:15 -0500
I can confirm, at least from our CD Set (Retail Win2k Server), that SNMP is
installed by DEFAULT and listening.  Scares you, doesn't it?

----------------------------------------|
Ralph M. Los
Sr. Security Consultant and Trainer
          EnterEdge Technology, L.L.C.
          rlos () enteredge com
          (770) 955-9899 x.206
----------------------------------------| 

::-----Original Message-----
::From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
::Sent: Wednesday, February 13, 2002 1:25 PM
::To: Eric Brandwine
::Cc: Davis Ray Sickmon, Jr; incidents () lists securityfocus com
::Subject: Re: SNMP vulnerability test?
::
::
::On Wed, 13 Feb 2002 18:19:08 GMT, Eric Brandwine said:
::> Win2k Server does install and listen on snmpv1, public by 
::default (at 
::> least our CDs of it do).  I have no idea how or why it was enabled, 
::> but a little quick scanning turned up some scary results.
::
::Thrills.  Can anybody confirm this?  Does Eric have wonky 
::install CDs, or was the Microsoft portion of the CERT 
::advisory incorrect?
::
::/Valdis
::
::


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: