Cisco 1924s for sure have "public" as rw string and "private" for ro, and I'm about 80% sure the 2924 does too. Many Cisco routers have an snmp "feature" with security ramifications which Damir Rajnovic has agreed to post to Bugtraq (as of Jan. 1), but I guess Cisco's lawyers have to hash it out for a few more weeks before he'll be allowed to. If he doesn't, I will - jc Michal Zalewski wrote: > > Days ago, there was a discussion about world-readable snmp communities, > some people thought it was bad enough. Amazingly, I've found that a lot of > network devices (such as intelligent switches, WAN/LAN routers, ISDN/DSL > modems, remote access machines and even some user-end operating systems) > are by default configured with snmp enabled and unlimited access with > *write* privledges. It allows attacker to modify routing tables, status of > network interfaces and other vital system data, and seems to be extermely > dangerous. To make things even worse, some devices seems to tell that > write permission for given community is disabled, but you can still > successfully write to it - and other devices won't let you to set up snmp > access at all (eg. some modems and switches). -- John Comeau - Chief Operating Officer Dialtone Internet - Extremely Fast Web Systems 954-581-0097 fax://954-581-7629 jcomeauat_private http://www.dialtoneinternet.net
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:35:05 PDT