Vulnerability Development mailing list archives

Re: Router worm exploiting poor SNMP security.


From: M ixter <mixter () 2XS CO IL>
Date: Wed, 13 Dec 2000 11:12:15 +0200

That's certainly an interesting thought... I routinely find
default communities in routers during penetration tests, and
the problem is much more widespread than many people think.

Two questions:
Can anyone tell me any reason why this can't work?

I base this upon my knowledge of Nortel routers and
BayRS. Is there any reason why a similar procedure
can't work with Cisco?

Brute forcing snmp with a .c program or shell script is easy,
but if you have different routers, a list of what scripts,
commands or languages will work on which router is necessary.
I know that most Ciscos can run tcl scripts, for example, and how
to replace snmp settings, but that's about it. There were rumours
of an snmpd exploit that can execute remote commands, but I'm not sure;
are MIBs even supposed to contain executable stuff? If there's this
possibility for routers, does anyone have some comprehensible
information on SNMP implementation on routers, command execution, etc.?

