Penetration Testing mailing list archives
Re: snmp vulnerablities
From: H C <keydet89 () yahoo com>
Date: Mon, 16 Jul 2001 13:56:18 -0700 (PDT)
Ron, Very interesting input regarding SNMP, though I'm not really too clear on what it has to do with the original author's use of 'echo' statements in an SNMP utility. One question though...when you downloaded the router config, could this activity have been prevented by proper configuration of the router itself? Since you didn't specify the method used (SNMP?), I thought I'd ask for clarification. Thanks, Carv --- Ron Russell <ron () siliconbuddha com> wrote:
SNMP can also be used to write configuration parameters to Cisco Routers as well (assuming you have the read/write community string). I have actually successfully downloaded a router config, unencrypted the hash for the passwords, and telnetted into the router. I'm sure that there are multiple other security vulnerabilities here as well. Ron Russell - MCSE, CCNA, CNE 480-6-Buddha Silicon Buddha LLC Enlightened Network Services www.siliconbuddha.com Offering Free Vulnerability Assessments from the deserts of Phoenix Arizona ----- Original Message ----- From: "H Carvey" <keydet89 () yahoo com> To: <pen-test () securityfocus com> Sent: Saturday, July 14, 2001 6:50 AM Subject: Re: snmp vulnerablitiesHi there. how do you exploit or gain accessfrom vulnerable host using snmp vulnerablities. I've tried to used this command but its not work :I'm not sure why you would try sending 'echo' commands to the SNMP agent...do any agents have a vulnerability that will allow them to write to the drive? I have always seen SNMP as a great recon protocol, especially when it is misconfigured (ie, default community strings, no restrictions on management stations, etc). On Win2K, you can enum usernames, services, TCP/UDP info, etc. Systems running SNMP can divulge information...if they are misconfigured. This is why many people call SNMP a 'dangerous' protocol. As with anything else, some simple configuration steps can fix that. Yes, if someone installs a sniffer and captures some datagrams containing your SNMPv1 read-write community string, you could most definitely have problems (though I doubt that those problems include the ability to write to the drive). However, if someone is able to load a sniffer on your network, you've got other problems to worry about...
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- snmp vulnerablities slash underground (Jul 13)
- <Possible follow-ups>
- Re: snmp vulnerablities H Carvey (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities H C (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities mht (Jul 17)
- Re: snmp vulnerablities Jon DeShirley (Jul 17)
- Re: snmp vulnerablities Peter Van Epp (Jul 17)
- Re: snmp vulnerablities mht (Jul 17)
- Re: snmp vulnerablities Dave Ryan (Jul 17)
- Re: snmp vulnerablities Ron Russell (Jul 16)
- Re: snmp vulnerablities Ron Russell (Jul 17)