> > When the SNMP Service is installed, the default configuration that is > provided leaves the system vulnerable to attack. In the default > configuration the SNMP service answers to a single SNMP community > ``public'', which is given read-write permissions. The community > is a name that is used much like an account name or a password to > restrict who can access the SNMP functions and in what capacity. > SNMP provides two levels of access, read-only and read-write. The > Windows NT SNMP Service prior to Service Pack 4 does not allow > communities to be configured as read-only, so all SNMP communities > have the ability to write. > There is another dangerous 'feature' with regards to SNMP community names under Windows NT 4.0 (SP3). If SNMP is enabled, and there are no community names configured ( under Settings -> Control Panel -> Network -> Services -> SNMP Service -> Security -> Accepted Community Names ) any community name will be valid, and will (obviously) have read/write privileges. I was unable to find anything that documented this behavior, and as you can imagine, I was quite suprised when I accidentally discovered this. Dave G. --- Dave Goldsmith <dhgat_private> Cambridge Technology Partners Enterprise Security Services http://www.es2.net
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:23:49 PDT