February 17th, 2002, 12:06 PM
SNMP Vulnerability Pheonomenon
Experts have warned that the recently discovered vulnerabilities in Simple Network Management Protocol (SNMP) could be "as big a problem as Nimda".
Security watchers maintain that thousands of devices could be at risk and that we will see exploits for this vulnerability.
Pete Philips, security consultant for Integralis S3, the security firm's ethical hacking unit, said: "We're going to see a lot of action here. It's too easy to launch attacks this way."
Philips reckons that routers will be most at risk. "With Windows and Unix hosts, it's likely that only the service will be taken out. But routers could be rebooted, opening up the potential for a massive denial of service [DoS] attack."
He said that SNMP exploits could get onto internal networks and DoS objects running SNMP, such as printers.
"It's possible there's exploits out there already," said Philips. "I've seen SNMP probes already today, and there can only be one reason for those."
According to Philips one of the problems is that security watchers are still in the dark over the finer details.
"No-one is quite sure about how the vulnerability will be exploited, because we're not exactly sure how the vulnerability works," he said.
"There's some suggestion that the vulnerability was discovered by the University of Aula, Finland, where researchers had been doing heavy testing work on SNMP packages, but no fine details are available. But it's maybe some sort of buffer overflow or format string vulnerability."
However, Philips said it is "definitely possible" that black hat hackers know how to exploit the hole.
As a precaution, Philips recommended users should "disable SNMP where you don't need it. You shouldn't be running it over the internet anyway," he said.
Unfortunately, the default setting for SNMP is 'on'.
man i gotta shave.. hehehe
February 17th, 2002, 12:08 PM
I have been notified by one of our vendors about this on Friday. I need to check the routers...