Thread: SNMP vulnerability

  1. #1
    Senior Member
    Join Date
    Dec 2001

    SNMP vulnerability

    Hey, it hasn't been verified yet, but it comes from the SANS Institute so it should be accurate, and that would be a major problem:

    Note: This is preliminary data! If you have additional information,
    please send it to us at

    In a few minutes wire services and other news sources will begin
    breaking a story about widespread vulnerabilities in SNMP (Simple
    Network Management Protocol). Exploits of the vulnerability cause
    systems to fail or to be taken over. The vulnerability can be found in
    more than a hundred manufacturers' systems and is very widespread -
    millions of routers and other systems are involved.

    Your leadership is needed in making sure that all systems for which you
    have any responsibility are protected. To do that, first ensure that
    SNMP is turned off. If you absolutely must run SNMP, get the patch from
    your hardware or software vendor. They are all working on patches right
    now. It also makes sense for you to filter traffic destined for SNMP
    ports (assuming the system doing the filtering is patched).

    To block SNMP access, block traffic to ports 161 and 162 for tcp and
    udp. In addition, if you are using Cisco, block udp for port 1993.

    The problems were caused by programming errors that have been in the
    SNMP implementations for a long time, but only recently discovered.

    CERT/CC is taking the lead on the process of getting the vendors to get
    their patches out. Additional information is posted at

    Two final notes.

    Note 1: Turning off SNMP was one of the strong recommendations in the
    Top 20 Internet Security Vulnerabilities that the FBI's NIPC and SANS
    and the Federal CIO Council issued on October 1, 2001. If you didn't
    take that action then, now might be a good time to correct the rest of
    the top 20 as well as the SNMP problem. The Top 20 document is posted

    Note 2: If you have Cisco routers (that's true for 85% of our readers)
    you are going to have to patch them to fix this problem. This is a great
    time to make the other fixes that will protect your Cisco routers from
    an increasingly common set of increasingly bad attacks.

    A great new free tool will be announced on Thursday that checks Cisco
    routers, finds most problems, and provides specific guidance on fixing
    each problem it finds. We've scheduled a web broadcast for Thursday
    afternoon at 1 PM EST (18:00 UTC) to tell you about it and how to get
    assembly.... digital dna ?

  2. #2
    Senior Member
    Join Date
    Sep 2001

    CERT info on SNMP

    See more info from CERT

    and also some background from The Register

    The good news is that, according to Counterpane, the vulnerability does not appear to have been exploited yet.


  3. #3
    AntiOnline Senior Member souleman
    Join Date
    Oct 2001
    Flint, MI
    I posted about this yesterday.

    This affects SNMP Version 1, and was discovered about a year ago. For some reason, there is a lot of media attention about it right now.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  4. #4
    Senior Member
    Join Date
    Nov 2001
    There is still a ton of equipment using SNMPv1.

    The notification that I got from SANS gave space to some tool that is supposed to be released tomorrow to scan for this. If that tool is not free .... then we can guess that someone's hand at SANS was greased to get the word out.

    I'll sit here on the edge of my seat and see what happens .....
    Noah built the ark BEFORE it rained.
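
The thread notes that the problem affects SNMP Version 1 and that a lot of equipment still uses it. The following is an added example, not part of any post or of the SANS/CERT material: a small Python helper that reads the version field from UDP payloads captured on ports 161/162 and lists the sources still speaking SNMPv1, checking every BER length against the data it actually has. The sample packets, the community string and the 192.0.2.x addresses are constructed for illustration.

```python
# Added example: classify UDP payloads seen on ports 161/162 by SNMP version.
VERSIONS = {0: "SNMPv1", 1: "SNMPv2c", 3: "SNMPv3"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the BER TLV at pos; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):            # never trust a length past the data
        raise ValueError("length exceeds payload")
    return tag, pos, pos + length

def snmp_version(payload):
    """Return 'SNMPv1', 'SNMPv2c', 'SNMPv3', or None if the header is not valid SNMP."""
    try:
        tag, start, end = read_tlv(payload, 0)
        if tag != 0x30:                    # message must be an outer SEQUENCE
            return None
        tag, vstart, vend = read_tlv(payload[:end], start)
        if tag != 0x02 or vend - vstart != 1:   # version: one-byte INTEGER
            return None
        return VERSIONS.get(payload[vstart])
    except ValueError:
        return None

def hosts_speaking_v1(packets):
    """packets: iterable of (source_ip, udp_payload). Return sorted SNMPv1 sources."""
    return sorted({src for src, data in packets if snmp_version(data) == "SNMPv1"})

# Constructed sample: an SNMPv1 GetRequest for sysDescr.0, community "public".
SAMPLE_V1 = bytes.fromhex(
    "3026" "020100" "0406" "7075626c6963"
    "a019" "020101" "020100" "020100"
    "300e" "300c" "0608" "2b06010201010100" "0500")
SAMPLE_V2C = SAMPLE_V1[:4] + b"\x01" + SAMPLE_V1[5:]   # same message, version 1 (v2c)
SAMPLE_PACKETS = [("192.0.2.10", SAMPLE_V1), ("192.0.2.20", SAMPLE_V2C),
                  ("192.0.2.30", SAMPLE_V1[:10])]      # last one is truncated

if __name__ == "__main__":
    print(hosts_speaking_v1(SAMPLE_PACKETS))
```
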
