Re: news story and router passwords

[Lincoln Yeoh <lyeoh () POP JARING MY>]

At 02:41 PM 10/14/00 -0700, Mark Teicher wrote:
> interactive scripts but one still needs to have a password at that
> level.  What I was stating earlier that using SNMP one does not necessarily
> need a password to gain access to a particular router  :)

I don't know much about SNMP ( just a tiny bit ), but once when I was going
through a ciscoworks course years back I found an interesting feature with
the cisco routers we were playing with.

IF you can upload a config file to the router via SNMP, you can actually
execute arbitrary console style commands using SNMP as well. All you need
to do is put stuff like this at the end of the config file:

! end of real config or blank config
!
exit
ping a.b.c.d
telnet a.b.c.d

I can't remember if you can send further stuff in a telnet session. It's
not a security problem since if you can configure the router you can get in
anyway, but I was thinking of it more as an interesting feature, which
might be potentially useful in certain cases - telnet not allowed, but snmp
is, and you need to do some command line stuff. Maybe a "no debug all" snmp
script can be useful for the times some wiseguy turns full debugging on
with debug to console (and not log server).

This seems to imply that the way Cisco did the snmp config upload on those
routers was by piping the contents to something like a vty after a config
term. Not sure if they still do that - anyone want to try?

Cheerio,

Link.