RE: Routes that are susceptible to SNMP

From: Rob Shein (shoten@starpower.net)
Date: Tue Feb 04 2003 - 19:21:47 EST


Your question had some ambiguity, so I present you with "if, then, else"
answers:

By "susceptible to snmp with a community string of public," is that
read-write access or read only? And if read-only, have you seen if you get
read-write by using "private" as a community string? Either way it's bad,
but at least with read-only you can't start CHANGING things on them.

By "how dangerous this is," do you mean the fact that snmp is available to
the outside world with a default community string, or that people can look
at the ARP table? The ARP table info is a tad useful to an attacker in
conjunction with other things, but the openness of the router is the real
nightmare, and obviously it becomes like "Nightmare on Ascend Street" if you
have read-write access from the internet via defaults.

> -----Original Message-----
> From: Rod Strader [mailto:Strader@doeren.com]
> Sent: Tuesday, February 04, 2003 1:55 PM
> To: pen-test@securityfocus.com
> Subject: Routes that are susceptible to SNMP
>
>
> Good day everyone,
>
> I am currently on a vulnerability assessment gig and found
> that a router on the way to my client's target is susceptible
> to snmp with a community string of public. This device, when
> looking at it, shows the arp table having my client's target's
> IP address in it. What is the general consensus of how
> dangerous this is to my client? I don't know if I can change
> anything with the same community string but I can review all the
> information on the device. Here is some of the information I
> found walking the mib:
>
> Description: Ascend Max-1800 BRI S/N: 8371001 Software +6.0.10+
>
> This device appears to be the gateway router before their
> email server. The arp table still has the target in it.
>
> Please comment!
>
> Rod Strader
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA) Service. For more information on
> SecurityFocus' SIA service which automatically alerts you to
> the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:27 EDT