Interesting People mailing list archives
IP: Precautions Against SNMP Vulnerability
From: Dave Farber <dave () farber net>
Date: Fri, 15 Feb 2002 17:26:01 -0500
------ Forwarded Message
From: Lisa Disbrow <newsalert () lumeta com>
Organization: Lumeta Corporation
Date: Fri, 15 Feb 2002 16:49:54 -0500
To: "David J.Farber" <farber () cis upenn edu>
Subject: Precautions Against SNMP Vulnerability

***NEWS ALERT***

Precautions You Can Take to Mitigate SNMP Vulnerability

The Computer Emergency Response Team (CERT), the research organization at Carnegie Mellon University, and the Oulu University Secure Programming Group announced a series of very serious vulnerabilities in equipment that responds to the Simple Network Management Protocol (SNMP). If exploited, it is possible that routers across the global Internet could be crashed, suffer serious performance degradation, or be commandeered.

Bill Cheswick, Chief Scientist of Lumeta Corporation and internationally renowned security expert, described the vulnerability, "It involves very complicated software. They probably haven't found all the problems with it, and I suspect we'll be hearing more about this in the future."

"I have never seen a vulnerability of this magnitude to the Internet itself," continued Cheswick. "It is conceivable that this could make large parts of the Internet quite unreliable for quite a while. The vendors and ISPs are scrambling to deal with this."

Cheswick, who co-wrote the book "Firewalls and Internet Security: Beware the Wily Hacker," stated, "As a first step, companies should turn off SNMP on any equipment that doesn't absolutely need it."

Cheswick continued, "To help protect the equipment that must be managed via SNMP, companies should configure their firewalls to block SNMP traffic that comes from outside their network. It isn't sufficient to change the SNMP community strings."

"Although it doesn't entirely mitigate the risks identified in the advisory released yesterday, companies should also identify those devices that respond to 'public' or other common default community strings," said Cheswick.

"I think they will be shocked at how open they are. As part of Lumeta's Network Discovery analysis, we look for routers that are open. Even though many companies have a stated policy that their equipment should not respond to public community strings, we typically find that between 10 and 30 percent of the SNMP-managed devices do respond. This shows the difficulties of knowing the configuration of every SNMP device in a large network, and it foreshadows the challenges companies will face rolling out the fixes uniformly once the vendors issue patches that address these vulnerabilities."

For more information on how to determine if your devices will respond to public community strings, please refer to http://www.lumeta.com/pc021402

You have received this information because you have requested more information from Lumeta Corporation. If you do not wish to receive any more alerts, please reply to this message with "REMOVE" in the subject line. We apologize if you received this message in error. Your name may be on multiple lists. All best efforts are being done to remove it. Lumeta does not sell, convey, propagate or give away e-mail addresses. They remain confidential and are not disclosed to third parties.

Lumeta Corporation

------ End of Forwarded Message

For archives see: http://www.interesting-people.org/archives/interesting-people/