I have to agree with HC on this one, I can't remember echo being in the list of SNMP Basic functions : 1. GET REQUEST 2. GET NEXT REQUEST 3. SET REQUEST 4. GET RESPONSE 5. TRAP MESSAGE Is the original poster referring to an older type of networked device (i.e. OpenRoute, Proteon, Gator, WellFleet) that previously prompted the user with > in order to set the SNMP options??? *scratching head** At 03:01 PM 7/16/2001 -0700, Ron Russell wrote: >I cannot speak to the echo reference as well. If he would like to expound >on it I would be most happy to listen. > >And the activity could have been prevented by proper use of ACLs, and the >proper configuration of SNMP (not using easily guessable strings). I'm also >sure that there are similar vulnerabilities across server and switch >platforms, but I have not had the privilege of scanning one. > >Ron Russell - MCSE, CCNA, CNE >480-6-Buddha >Silicon Buddha LLC >Enlightened Network Services >www.siliconbuddha.com >Offering Free Vulnerability Assessments from the deserts of Phoenix Arizona >----- Original Message ----- >From: "H C" <keydet89at_private> >To: "Ron Russell" <ronat_private>; <pen-testat_private> >Sent: Monday, July 16, 2001 1:56 PM >Subject: Re: snmp vulnerablities > > >Ron, > >Very interesting input regarding SNMP, though I'm not >really too clear on what it has to do with the >original author's use of 'echo' statements in an SNMP >utility. > >One question though...when you downloaded the router >config, could this activity have been prevented by >proper configuration of the router itself? Since you >didn't specify the method used (SNMP?), I thought I'd >ask for clarification. > >Thanks, > >Carv > >--- Ron Russell <ronat_private> wrote: > > SNMP can also be used to write configuration > > parameters to Cisco Routers as > > well (assuming you have the read/write community > > string). I have actually > > successfully downloaded a router config, unencrypted > > the hash for the > > passwords, and telnetted into the router. I'm sure > > that there are multiple > > other security vulnerabilities here as well. > > > > Ron Russell - MCSE, CCNA, CNE > > 480-6-Buddha > > Silicon Buddha LLC > > Enlightened Network Services > > www.siliconbuddha.com > > Offering Free Vulnerability Assessments from the > > deserts of Phoenix Arizona > > ----- Original Message ----- > > From: "H Carvey" <keydet89at_private> > > To: <pen-testat_private> > > Sent: Saturday, July 14, 2001 6:50 AM > > Subject: Re: snmp vulnerablities > > > > > > > Hi there. how do you exploit or gain access > > from vulnerable host using snmp > > vulnerablities. I've tried to used this command > > but its not work : > > > > > > > I'm not sure why you would try sending 'echo' > > commands to the SNMP agent...do any agents > > have a vulnerability that will allow them to > > write to the drive? > > > > I have always seen SNMP as a great recon > > protocol, especially when it is misconfigured > > (ie, default community strings, no restrictions > > on management stations, etc). On Win2K, you > > can enum usernames, services, TCP/UDP info, > > etc. > > > > Systems running SNMP can divulge > > information...if they are misconfigured. This > > is why many people call SNMP a 'dangerous' > > protocol. As with anything else, some simple > > configuration steps can fix that. Yes, if > > someone installs a sniffer and captures some > > datagrams containing your SNMPv1 read-write > > community string, you could most definitely > > have problems (though I doubt that those > > problems include the ability to write to the > > drive). However, if someone is able to load a > > sniffer on your network, you've got other > > problems to worry about... > > > > >---------------------------------------------------------------------------- > > This list is provided by the SecurityFocus Security > > Intelligence Alert (SIA) > > Service For more information on SecurityFocus' SIA > > service which > > automatically alerts you to the latest security > > vulnerabilities please see: > > https://alerts.securityfocus.com/ > > > > > > >__________________________________________________ >Do You Yahoo!? >Get personalized email addresses from Yahoo! Mail >http://personal.mail.yahoo.com/ > > > >---------------------------------------------------------------------------- >This list is provided by the SecurityFocus Security Intelligence Alert (SIA) >Service For more information on SecurityFocus' SIA service which >automatically alerts you to the latest security vulnerabilities please see: >https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 10:38:17 PDT