Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Router worm exploiting poor SNMP security.

From: J Edgar Hoover <zorch () TOTALLY RIGHTEOUS NET>
Date: Tue, 12 Dec 2000 21:38:08 -0800
On Tue, 12 Dec 2000, Lars Nyg?rd wrote:


Is it possible to write a worm for routers that
spreading via SNMP.?  I'm guessing this is way to
easy to do. This is based on my knowledge of Nortel


I can't think of a way to do it with *just* SNMP... you'll need TFTP or
something to propagate.


- If a read/write community is found. It uploads the list
of known communities and itself to the nearby router.
Then execute the script on that router.


How do you "upload" new code, and what kind of code do you use? You can
leverage SNMP to get TFTP access, but you can't just run a perl script on
most routers. You'd need to build a trojaned copy of the OS for each
router architecture you want to infect.

Sure, you could run a script on a unix machine that uses SNMP to go out
and own a bunch of routers, but that isn't a worm.
Previous By Date Next
Previous By Thread Next

Current thread: