SNMP Vulnerability Pheonomenon
Results 1 to 2 of 2

Thread: SNMP Vulnerability Pheonomenon

  1. #1
    Fastest Thing Alive s0nIc's Avatar
    Join Date
    Sep 2001
    Location
    Sydney
    Posts
    1,584

    Exclamation SNMP Vulnerability Pheonomenon

    Experts have warned that the recently discovered vulnerabilities in Simple Network Management Protocol (SNMP) could be "as big a problem as Nimda".

    Security watchers maintain that thousands of devices could be at risk and that we will see exploits for this vulnerability.

    Pete Philips, security consultant for Integralis S3, the security firm's ethical hacking unit, said: "We're going to see a lot of action here. It's too easy to launch attacks this way."

    Philips reckons that routers will be most at risk. "With Windows and Unix hosts, it's likely that only the service will be taken out. But routers could be rebooted, opening up the potential for a massive denial of service [DoS] attack."

    He said that SNMP exploits could get onto internal networks and DoS objects running SNMP, such as printers.

    "It's possible there's exploits out there already," said Philips. "I've seen SNMP probes already today, and there can only be one reason for those."

    According to Philips one of the problems is that security watchers are still in the dark over the finer details.

    "No-one is quite sure about how the vulnerability will be exploited, because we're not exactly sure how the vulnerability works," he said.

    "There's some suggestion that the vulnerability was discovered by the University of Aula, Finland, where researchers had been doing heavy testing work on SNMP packages, but no fine details are available. But it's maybe some sort of buffer overflow or format string vulnerability."

    However, Philips said it is "definitely possible" that black hat hackers know how to exploit the hole.

    As a precaution, Philips recommended users should "disable SNMP where you don't need it. You shouldn't be running it over the internet anyway," he said.

    Unfortunately, the default setting for SNMP is 'on'.

    man i gotta shave.. hehehe

  2. #2
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    I have been notified by one of our vendors about this on Friday. I need to check the routers...

    good post.
    Trappedagainbyperfectlogic.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •