Vulnerability Development mailing list archives
Re: Router worm exploiting poor SNMP security.
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Thu, 14 Dec 2000 12:29:00 -0500
On Wed, 13 Dec 2000, M ixter wrote: [after an inquiry about an snmp worm]
That's certainly an interesting thought... I routinely find default communities in routers during penetration tests, and the problem is much more widespread than many people think.
presumably you'd be using snmpset, right, to maliciously infect? why not consider TFTP transfers of boot images to various routers, too, to spread. since TFTP is never authenticated, it should be trivial to spoof the TFTP server. i know that quite a number of popular routers are capable of TFTP, is it still in wide use in the wild (i don't work on other people's routers). ____________________________ jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Current thread:
- Router worm exploiting poor SNMP security. Lars Nygård (Dec 13)
- Re: Router worm exploiting poor SNMP security. J Edgar Hoover (Dec 15)
- Re: Router worm exploiting poor SNMP security. Bill Pennington (Dec 15)
- Re: Router worm exploiting poor SNMP security. Dragos Ruiu (Dec 15)
- Re: Router worm exploiting poor SNMP security. nsc (Dec 15)
- Re: Router worm exploiting poor SNMP security. Lincoln Yeoh (Dec 15)
- Re: Router worm exploiting poor SNMP security. Ralph Moonen (Dec 15)
- <Possible follow-ups>
- Re: Router worm exploiting poor SNMP security. M ixter (Dec 15)
- Re: Router worm exploiting poor SNMP security. Jose Nazario (Dec 15)
- Re: Router worm exploiting poor SNMP security. Lars Nygård (Dec 15)
- Re: Router worm exploiting poor SNMP security. N Catlow (Dec 15)
- Re: Router worm exploiting poor SNMP security. J Edgar Hoover (Dec 15)
- Re: Router worm exploiting poor SNMP security. Charles C. Lindsay (Dec 16)
- Message not available
- Re: Router worm exploiting poor SNMP security. Ralph Moonen (Dec 17)
- Re: Router worm exploiting poor SNMP security. Joe Shaw (Dec 18)
- Message not available
- SNMP community strings Ralph Moonen (Dec 17)
- Re: Router worm exploiting poor SNMP security. Fyodor (Dec 15)