Re: SNMP testing

[Spring Systems <korund () hotmail com>]

I scanned node with standalone SNMP Scanner utility, it doesn't return anything: does this mean SNMP is just disabled 
or this mean that community string changed from default string to another string?

If SNMP just disabled, is it possible to use a DoS attack, like Buffer Overflow Attacks, SYN attack, Teadrop Attack, 
Smurf attack, which should cause rebooting and enabling snmp?

Regards,

Date: Tue, 28 Sep 2010 08:40:29 -0400
Subject: Re: [framework] SNMP testing
From: hviniciusg () gmail com
To: korund () hotmail com
CC: framework () spool metasploit com

On Tue, Sep 28, 2010 at 6:30 AM, Spring Systems <korund () hotmail com> wrote:







Is there still possibility to exploit/test SNMP devices with Metasploit if SNMP is disabled on target devices
If the SNMP service is disabled, then you could not exploit anithing
 


, or if community string changed from default "public" to another string?



If the community string is changed, 
there are several tools to "brute force" the community string, but it 
makes a lot of noise, and there are some devices that will block you 
when there are several failed attempts, but if this is a last resort 
option, then i think you should doit, or leave this test to the end of 
the audit process. 


Regards,
Hugo Vinicius Garcia Razera

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework