Penetration Testing mailing list archives

Re: Routes that are susceptible to SNMP

From: Iñigo González Ponce <IGONZALEZ () ati es>
Date: Wed, 05 Feb 2003 13:54:15 +0100 (CET)

"public" and "private" are out-of-the-box default community strings
for read and read-write access almost any network equipment.

Get the private MIB for the Ascend MAX (now Lucent), and look at what you can
get ;-).

With the read-write comminity you can get, alter, wipe, the router config,
you can reboot it, create users, modify the routing table, etc...

I don't remeber if the MAX-1600 has tunneling capabilies.... if so, you
can create a tunnel to your own machine and...

Hope this helps,

        -- Iñigo

Quoting Rod Strader <Strader () doeren com>:

Good day everyone,

I am currently on a vulnerability assessment gig and found that a
router
on the way to my clients target is susceptible to snmp with a
community
string of public.  This device when looking at it shows the arp table
having my clients targets IP address in it.  What is the general
consensus of how dangerous this is to my client.  I don't know if I
can
change anything with same community string but I can review all the
information on the device. Here is some of the information I found
walking the mib:

Description: Ascend Max-1800 BRI S/N: 8371001 Software +6.0.10+

This device appears to be the gateway router before their email
server.
The arp table still has the target in it.  

Please comment!

Rod Strader





----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert
(SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please
see:
https://alerts.securityfocus.com/




--
Iñigo González Ponce <igonzalez .at .exocert .dot. com>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

RE: Routes that are susceptible to SNMP Rod Strader (Feb 05)
- RE: Routes that are susceptible to SNMP Pete Herzog (Feb 06)
- RE: Routes that are susceptible to SNMP Rob Shein (Feb 06)
- <Possible follow-ups>
- Routes that are susceptible to SNMP Rod Strader (Feb 05)
  - RE: Routes that are susceptible to SNMP Rob Shein (Feb 05)
  - Re: Routes that are susceptible to SNMP Iñigo González Ponce (Feb 05)