Vulnerability Development mailing list archives
Re: Router worm exploiting poor SNMP security.
From: J Edgar Hoover <zorch () TOTALLY RIGHTEOUS NET>
Date: Tue, 12 Dec 2000 21:38:08 -0800
On Tue, 12 Dec 2000, Lars Nyg?rd wrote:
Is it possible to write a worm for routers that spreading via SNMP.? I'm guessing this is way to easy to do. This is based on my knowledge of Nortel
I can't think of a way to do it with *just* SNMP... you'll need TFTP or something to propagate.
- If a read/write community is found. It uploads the list of known communities and itself to the nearby router. Then execute the script on that router.
How do you "upload" new code, and what kind of code do you use? You can leverage SNMP to get TFTP access, but you can't just run a perl script on most routers. You'd need to build a trojaned copy of the OS for each router architecture you want to infect. Sure, you could run a script on a unix machine that uses SNMP to go out and own a bunch of routers, but that isn't a worm.
Current thread:
- Router worm exploiting poor SNMP security. Lars Nygård (Dec 13)
- Re: Router worm exploiting poor SNMP security. J Edgar Hoover (Dec 15)
- Re: Router worm exploiting poor SNMP security. Bill Pennington (Dec 15)
- Re: Router worm exploiting poor SNMP security. Dragos Ruiu (Dec 15)
- Re: Router worm exploiting poor SNMP security. nsc (Dec 15)
- Re: Router worm exploiting poor SNMP security. Lincoln Yeoh (Dec 15)
- Re: Router worm exploiting poor SNMP security. Ralph Moonen (Dec 15)
- <Possible follow-ups>
- Re: Router worm exploiting poor SNMP security. M ixter (Dec 15)
- Re: Router worm exploiting poor SNMP security. Jose Nazario (Dec 15)
- Re: Router worm exploiting poor SNMP security. Lars Nygård (Dec 15)
- Re: Router worm exploiting poor SNMP security. N Catlow (Dec 15)
- Re: Router worm exploiting poor SNMP security. J Edgar Hoover (Dec 15)
(Thread continues...)