-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Peter Van Epp said the following on Tue, Jul 17, 2001 at 11:06:17AM -0700, > My guess would be that the original poster is trying to exploit the > Solaris SNMP hole (where an echo might make some sense since its a Unix box) > but didn't know it (or at least didn't articulate it). It came across bugtraq > some time ago so a search in the bugtraq archives may be productive. I didn't > look closer than to make sure we had already disabled the program involved > (probably by removing the SUID bit from the program) so I didn't check the > details. Correct, for general consumption: http://www.hack.co.za/download.php?sid=1377 As for comments on protecting SNMPv1 with ACL's and obfuscated Community Strings, that is laughable at best. A better solution is to run with SNMPv3 using AuthPriv functionality, seems like some of the popular management systems don't yet support v3 capabilities. Other solution is to tunnel SNMPv1/2c over IPSec, varyig configurations, I would be more concerned with management<->host authentication than going full ESP, but circumstances dictate. Regards. - -- Dave Ryan Computer Incident Response Team dave.ryanat_private Eircom Multimedia "I see dumb people. All the time." - Simple Nomad -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (OpenBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjtUli8ACgkQHSjBCI+q2yJ9wwCfaBS5NmARFGCii2bOgBnub0v3 g8QAniWiI1bL8R6IWkB8emwFJ0wLAM5Q =lNbC -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jul 17 2001 - 14:52:36 PDT