Re: Router worm exploiting poor SNMP security.

[nsc () ERIS DERA GOV UK]

[snip]
 
> Let's say I write a little program, or batch script that 
> starts by taking advantage of this.
> - This little script takes a look at which snmp 
> communities are stored in the router MIB and write 
> this to a file.
> - Next step is to look for other routers nearby by 
> looking at my routing table, ospf neighbours etc.
> - Then my script checks to see if any of the 
> communities it found, are read/write on any nearby 
> routers by sending a SNMP packet.
> - If a read/write community is found. It uploads the list 
> of known communities and itself to the nearby router. 
> Then execute the script on that router.

can you execute scripts on routers via snmp writes? I thought this required 
console access. Also can you upload files via snmp writes? I would be very 
surprised if you could....

The only way I could think of doing it is placing the payload in the 
configuration 'script' and reconfiguring via snmp and rebooting forcing a 
re-configure via tftp or whatever, this may be noticed.

I don't know whether this would work i.e. how powerful the configuration 
'script' can be.

regards,

Nathan
-- 
N.Catlow () eris dera gov uk |  All opinions  | IT Security, DERA,
                          | are my own and | WWB009, St Andrews Rd,
                          |   not DERA's   | Malvern, Worcs, England.
*I'd love to give my 0.02 worth - Have you got change for a dollar?*