Penetration Testing mailing list archives

RE: Routes that are susceptible to SNMP


From: "Rob Shein" <shoten () starpower net>
Date: Wed, 5 Feb 2003 13:46:42 -0500

Ahh, there's a sticky issue.  On one hand, it's very arguable that you
violated the scope of your "get out of jail free card," by engaging a device
outside the scope of your client's network.  Let's face it; you could have
just run traceroute to check the hops, there was no need to SNMP query
machines that did not belong to your client.  On the other hand, you're
operating from the moral high ground; you're not trying to hack anyone, you
wish no harm done, and you want to tell the ISP that they have a problem so
they can fix it.  You seem to have two choices in my mind: tell them, and
hope they don't overreact, or keep it to yourself so that you can stay out
of harm's way.  Either way I would definitely NOT involve your client.  If
the ISP overreacts they could conceivably hold it against your client and
terminate service, citing a violation of acceptable use policy.

-----Original Message-----
From: Rod Strader [mailto:Strader () doeren com] 
Sent: Tuesday, February 04, 2003 7:21 PM
To: Kevin Reynolds; pen-test () securityfocus com
Subject: RE: Routes that are susceptible to SNMP


To all: I am not trying to get into the ISP, I just want to know 
how to help the client notify them about the issue.  
 
The tool I use does a trace route and tells information that 
it finds along the way.    In this case it discovered the 
gateway before the client had a community string of public.  
 
The information displayed is in the information window which 
I cut out and pasted for all of your input.  
 
I believe this is on the gray area, where the service 
provider is providing a service to the client and their 
community string could leave the client open to potential harm.   
 
I have not tested the gateway, merely used the information the 
tool has provided about the path to the target.
 
My question is how do I provide this information to the 
client so they can give the information to their provider.  
Without trouble on anyone's part.
 

      -----Original Message----- 
      From: Kevin Reynolds [mailto:reynolds25 () adelphia net] 
      Sent: Tue 2/4/2003 7:01 PM 
      To: Rod Strader; pen-test () securityfocus com 
      Cc: 
      Subject: Re: Routes that are susceptible to SNMP 
      
      

      What about the private community string?  Good chance that the RW
      community string is still private.
      
      Kevin
      
      
      ----- Original Message -----
      From: "Rod Strader" <Strader () doeren com>
      To: <pen-test () securityfocus com>
      Sent: Tuesday, February 04, 2003 1:55 PM
      Subject: Routes that are susceptible to SNMP
      
      
      Good day everyone,
      
      I am currently on a vulnerability assessment gig and found that a router
      on the way to my client's target is susceptible to SNMP with a community
      string of public.  This device, when looking at it, shows the ARP table
      having my client's target's IP address in it.  What is the general
      consensus of how dangerous this is to my client?  I don't know if I can
      change anything with the same community string, but I can review all the
      information on the device. Here is some of the information I found
      walking the MIB:
      
      Description: Ascend Max-1800 BRI S/N: 8371001 Software +6.0.10+
      
      This device appears to be the gateway router before their email server.
      The arp table still has the target in it.
      
      Please comment!
      
      Rod Strader
      
      
      
      
      
      
      ----------------------------------------------------------------------------
      This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
      Service. For more information on SecurityFocus' SIA service which
      automatically alerts you to the latest security vulnerabilities please see:
      https://alerts.securityfocus.com/
      
      
      
      



