nanog mailing list archives

Re: Is my router owned? How would I know?

From: "Alexei Roudnev" <alex () relcom net>
Date: Sat, 14 Jan 2006 01:56:27 -0800

Some Cisco IOS'es have numerous bugs, related to SNMP (I watched few cases,
when all Cisco's 72xx lost configuration becuase of receivbing something
bogus), so SNMP should be filtered out from public internet.

----- Original Message ----- 
From: "Mikael Abrahamsson" <swmike () swm pp se>
To: "NANOG" <nanog () merit edu>
Sent: Thursday, January 12, 2006 2:09 PM
Subject: Re: Is my router owned? How would I know?


On Thu, 12 Jan 2006, Rob Thomas wrote:

If there are new or changed SNMP RW community strings, look out!


If you have any SNMP v1/v2 RW communities what so ever, you're likely to
be owned, at least if they're common to several units in your network and
you don't limit what part of the tree the RW communities can access.

Seems like a common attack vector is to send SNMP WRITE and upload the
router configuration to a hacked tftp server, and then iterate thru the
network as a lot of people have a single SNMP WRITE community in their
network.

-- 
Mikael Abrahamsson    email: swmike () swm pp se

Current thread:

Re: Cisco, haven't we learned anything? (technician reset), (continued)
- - - Re: Cisco, haven't we learned anything? (technician reset) Jared Mauch (Jan 12)
    - RE: Cisco, haven't we learned anything? (technician reset) Scott Morris (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) Martin Hannigan (Jan 12)
    - Is my router owned? How would I know? Rob Thomas (Jan 12)
    - Re: Is my router owned? How would I know? goemon (Jan 12)
    - Re: Is my router owned? How would I know? Florian Weimer (Jan 12)
    - Re: Is my router owned? How would I know? Martin Hannigan (Jan 12)
    - Re: Is my router owned? How would I know? Christopher L. Morrow (Jan 12)
    - Re: Is my router owned? How would I know? Joseph S D Yao (Jan 13)
    - Re: Is my router owned? How would I know? Mikael Abrahamsson (Jan 12)
    - Re: Is my router owned? How would I know? Alexei Roudnev (Jan 14)
    - Re: Is my router owned? How would I know? Mikael Abrahamsson (Jan 14)
    - Re: Is my router owned? How would I know? Alexei Roudnev (Jan 14)
    - Re: Cisco, haven't we learned anything? (technician reset) Brett Frankenberger (Jan 12)
  - Re: Cisco, haven't we learned anything? (technician reset) Bill Nash (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) John Kinsella (Jan 12)
  - Re: Cisco, haven't we learned anything? (technician reset) Gary E. Miller (Jan 12)
  - Re: Cisco, haven't we learned anything? (technician reset) Jay Hennigan (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) william(at)elan.net (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) Jay Hennigan (Jan 12)
    - Re: Cisco, haven't we learned anything? (technician reset) william(at)elan.net (Jan 12)

(Thread continues...)