Vulnerability Development mailing list archives
Re: Router worm exploiting poor SNMP security.
From: Ralph Moonen <ralph () TINK ORG>
Date: Thu, 14 Dec 2000 00:20:00 +0100
At 23:58 12-12-00 +0000, Lars Nygård wrote:

> - This little script takes a look at which snmp communities are stored in the router MIB and writes this to a file.

There usually are no communities for other routers stored in the MIB of a router.

> - Next step is to look for other routers nearby by looking at my routing table, ospf neighbours etc.

OK

> - Then my script checks to see if any of the communities it found are read/write on any nearby routers by sending an SNMP packet.

OK.

> - If a read/write community is found, it uploads the list of known communities

If they were in the MIB........

> and itself

How?

> to the nearby router. Then execute the script on that router.

No environment suitable to script exec on routers usually.

> - Then my script leaves a text file saying "I was here" and deletes itself. (or potentially deletes all files and schedules a boot at 1. January 2000, but that would be mean)

>:-)

> Two questions: Can anyone tell me any reason why this can't work?

See above.....

> I base this upon my knowledge of Nortel routers and BayRS. Is there any reason why a similar procedure can't work with Cisco?

Yes, and it won't work on Bay/Nortel either, because you can't upload and execute real scripts to them AFAIK.
--Ralph

Oh, PS: This was in an email. I found out it just resolves to www.angelfire.com, but nevertheless, someone went to QUITE some effort to obfuscate his presence. (Check the DNS entries!!!!) Here is:

Try It Now!! <a href="http://www.ab4.gobbles.mx%3D14%3D02%3D14%3D05%3D14.com%7Cnet.dce%3D02%3D05%3D14%3D%3D02%3D14%3D05%3D14%3D14.lllllllll.com:80/ab4/java355/index.html">Click Here</a>