I have been experimenting with the PROTOS SNMP test cases for req-app test material against my Cisco 2621 running 12.0(7)T. I have been able to reliably force the router to crash/dump and reload when I have "snmp-server community public RO" or "snmp-server host 1.1.1.1 public" configured on the router, but am unable to DoS the router when configured with a community string that does not match the one used in the PROTOS test cases.

The CERT advisory indicates that simply changing the community to a hard-to-guess value is "not sufficient to mitigate the impact of these vulnerabilities". Cisco also recommends applying ACLs to stop unspecified hosts from contacting UDP/161 on the router.

Has anyone confirmed that Cisco and other vendors are subject to a DoS through the PROTOS test suite without prior knowledge of the SNMP community string?

Many thanks.

-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wrightat_private

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
This archive was generated by hypermail 2b30 : Thu Feb 14 2002 - 13:47:17 PST
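
A configuration audit for the two settings named in the message, as an added example that is not part of the original post or any vendor tool. It reports a missing UDP/161 interface ACL independently of the community string, since the quoted CERT text says changing the string is not sufficient. Assumptions: the `audit_snmp` helper and both sample configurations are constructed, only numbered extended ACLs are recognised, and "public"/"private" are the strings treated as guessable.

```python
import re

WELL_KNOWN = {"public", "private"}  # assumption: strings treated as guessable
# Numbered extended ACL entry that mentions UDP port 161 (IOS may show it as "snmp").
ACL_161 = re.compile(r"access-list (\d+) (?:permit|deny) udp .*\beq (?:161|snmp)\b")
# ACL bound inbound on an interface.
ACL_BIND = re.compile(r"ip access-group (\S+) in\b")

# Constructed sample: the two lines from the message, no ACL.
WEAK = """
snmp-server community public RO
snmp-server host 1.1.1.1 public
"""

# Constructed sample: placeholder community, UDP/161 filtered on the interface.
HARDENED = """
snmp-server community EXAMPLE-STRING RO
access-list 101 permit udp host 192.0.2.10 any eq 161
access-list 101 deny udp any any eq 161
access-list 101 permit ip any any
interface FastEthernet0/0
 ip access-group 101 in
"""

def audit_snmp(config):
    """Return a list of findings for one IOS configuration text."""
    findings, snmp_on = [], False
    filtering, bound = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        tok = line.split()
        if tok[:2] == ["snmp-server", "community"] and len(tok) > 2:
            snmp_on = True
            if tok[2].lower() in WELL_KNOWN:
                findings.append(f"well-known community: {line}")
        elif tok[:2] == ["snmp-server", "host"]:
            snmp_on = True
            if any(t.lower() in WELL_KNOWN for t in tok[3:]):
                findings.append(f"well-known community: {line}")
        elif (m := ACL_161.match(line)):
            filtering.add(m.group(1))
        elif (m := ACL_BIND.match(line)):
            bound.add(m.group(1))
    # Presence check only: it does not prove the ACL permits just the managers.
    if snmp_on and not (filtering & bound):
        findings.append("no inbound interface ACL with a UDP/161 entry")
    return findings
```
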