Re: ISS Security Advisory: Wired-side SNMP WEP key exposure in 802.11b Access Points

[hendy () team-teso net]

On Fri, Jun 22, 2001 at 05:47:27PM -0400, Brandon S. Allbery KF8NH wrote:
> On Wednesday, June 20, 2001 17:32:53 -0500, Matthew Potter 
>
> By default, yes; so is the Apple AirPort (I think these are all KarlBridge
> products in disguise).  And SNMP is enabled by default because that's how 
> they're configured.

right, and not only by default - you can _not_ disable snmp on karlbridge
accesspoints (apple airport, rg1000..) (hey, if you'd disable it, you had no
chance changing any setting but flushing the eeprom!).

> I just change the password when I configure it for the first time.

first of all, the public snmp-community is still readable, if you change the
password (just not writable anymore), and second, there are tools out there,
which can easily brute-force snmp-communities (ADMsnmp, for example). those
accesspoints don't ''slow-down'' if they're brute-forced, so you can easily
go through a big dic-file :-)

regards,

-hendy / teso

PS: the airport is fun. does anyone know what kind of OS runs on it? i am in
need of some informations regarding this. could get very very interesting.

-- 
.    ,!.    . _ ___ ___________________________________________________ __ _  .
    ,j't.      hendy () team-teso org [TESO]   or   hendy () xentix homeip net [HOME]
 K=-=:: -=->   fax & vbox: [ +49-2561-959-556970 ] gsm/sms: [ +49-179-6443323 ]
  "=i.: [-'    PGP: ``finger hendy () team-teso net''    [www.team-teso.net/hendy]
   /;:":.\     PGP Fprint:   5AAE 5111 2C39 5E86 9D45  70C3 CA8F 0C20 EF27 264A
. ;}'   '(, . _ ___ ____________________________________________________ . :wq!