CRIME FW: NIPC Alert 02-001, "Potential for Multi-Sector Internet Outages"

From: George Heuston (GeorgeH@private)
Date: Tue Feb 12 2002 - 16:17:56 PST

    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Tuesday, February 12, 2002 3:42 PM
    To: daily; isacs
    Subject: NIPC Alert 02-001, "Potential for Multi-Sector Internet Outages"
    
    
    National Infrastructure Protection Center
    "Potential for Multi-Sector Internet Outages"
    Alert 02-001
    12 February 2002
    
    
    The National Infrastructure Protection Center is aware of potential
    vulnerabilities existing within the Simple Network Management Protocol
    (SNMP) -- a protocol used by routers, switches and hubs on the Internet and
    other related equipment.  To date, there have been no confirmed
    exploitations of these vulnerabilities.  However, action may be required to
    prevent the possibility of criminal exploitation by malicious hackers.
    NIPC has been monitoring the vulnerabilities and is working to address the
    issue and minimize potential disruption. 
    
    Due to the widespread use of the SNMP, the number of affected products is
    extensive.  NIPC, along with Carnegie Mellon University's Computer Emergency
    Response Team/Coordination Center (CERT/CC), is working with other
    government agencies, network security experts, and industry representatives
    to define, prioritize, and mitigate these vulnerabilities. In the absence of
    a specific SNMPv1 vulnerability and patch, the following list of "best
    practices" has been suggested by CERT/CC:
    
    1.    Review what versions of SNMP are running; apply vendor patches as
    available.
    2.    Disable SNMP service if not critical.
    3.    Block access to SNMP services at network perimeter. 
    4.    Filter SNMP traffic from non-authorized internal hosts.
    5.    Change default community strings.
    6.    Segregate SNMP traffic onto a separate management network.
    7.    Apply egress filtering on ports 161 and 162.
    8.    Disable stack execution where possible.
    
    For additional information on preventing the exploitation of computer
    systems, visit the CERT/CC homepage at www.cert.org <http://www.cert.org>.
    
    
    Actual or attempted hacking is a serious federal offense that could land
    first time offenders in jail for ten years and repeat offenders in jail for
    20 years. The NIPC encourages the reporting of computer intrusions to local
    FBI offices or the NIPC Watch and Warning unit at (202) 323-3205 or 1(888)
    585-9078.  You can also email NIPC at nipc.watch@private
    <mailto:nipc.watch@private>.  In addition, incidents can be reported
    online at www.nipc.gov/incident/cirr.htm
    <http://www.nipc.gov/incident/cirr.htm>.
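
A check for items 4 and 5 of the list above, as an added example that is not part of the NIPC alert or of the forwarding post: it scans Net-SNMP snmpd.conf text for default community strings and for community entries with no source restriction. Net-SNMP as the agent, "public" and "private" as the default strings, and the sample configuration are assumptions made for the example.

```python
# Added example: audit snmpd.conf text for default communities and open sources.
# Assumptions: Net-SNMP directive syntax; constructed sample config (no real device).
DEFAULT_COMMUNITIES = {"public", "private"}
OPEN_SOURCES = {"default", "0.0.0.0/0", "::/0"}


def parse_access(line):
    """Return (community, source) for a community directive, else None."""
    tokens = line.split("#", 1)[0].split()
    if not tokens:
        return None
    directive, args = tokens[0].lower(), tokens[1:]
    if directive in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6") and args:
        # rocommunity COMMUNITY [SOURCE [OID]]; a missing SOURCE means any host
        return args[0], (args[1] if len(args) > 1 else "default")
    if directive in ("com2sec", "com2sec6"):
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        if args[:1] == ["-Cn"]:
            args = args[2:]
        if len(args) >= 3:
            return args[2], args[1]
    return None


def audit_snmpd_conf(text):
    """Return a list of (line_number, finding) tuples for risky entries."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        parsed = parse_access(line)
        if parsed is None:
            continue
        community, source = parsed
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append((number, "default community string"))
        if source.lower() in OPEN_SOURCES:
            findings.append((number, "no source restriction"))
    return findings


SAMPLE_CONF = """\
rocommunity public
rwcommunity private default
com2sec mgmt 10.20.30.0/24 n0t-a-default
rocommunity s3parate-ro 10.20.30.5
"""


if __name__ == "__main__":
    print(audit_snmpd_conf(SAMPLE_CONF))
```

The first two sample lines are flagged on both counts; the last two, which use non-default strings limited to a management subnet or host, produce no findings.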
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:38:55 PDT