"public" and "private" are out-of-the-box default community strings for read and read-write access almost any network equipment. Get the private MIB for the Ascend MAX (now Lucent), and look at what you can get ;-). With the read-write comminity you can get, alter, wipe, the router config, you can reboot it, create users, modify the routing table, etc... I don't remeber if the MAX-1600 has tunneling capabilies.... if so, you can create a tunnel to your own machine and... Hope this helps, -- Iñigo Quoting Rod Strader <Straderat_private>: > Good day everyone, > > I am currently on a vulnerability assessment gig and found that a > router > on the way to my clients target is susceptible to snmp with a > community > string of public. This device when looking at it shows the arp table > having my clients targets IP address in it. What is the general > consensus of how dangerous this is to my client. I don't know if I > can > change anything with same community string but I can review all the > information on the device. Here is some of the information I found > walking the mib: > > Description: Ascend Max-1800 BRI S/N: 8371001 Software +6.0.10+ > > This device appears to be the gateway router before their email > server. > The arp table still has the target in it. > > Please comment! > > Rod Strader > > > > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus Security Intelligence Alert > (SIA) > Service. For more information on SecurityFocus' SIA service which > automatically alerts you to the latest security vulnerabilities please > see: > https://alerts.securityfocus.com/ > > > -- Iñigo González Ponce <igonzalez .at .exocert .dot. com> ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 10:45:28 PST