Security Incidents mailing list archives
Re: SNMP vulnerability test?
From: Eric Brandwine <ericb () UU NET>
Date: 13 Feb 2002 00:34:00 +0000
"drs" == Davis Ray Sickmon, <midryder () midnightryder com> writes:
drs> Besides crashing the device, what's the best way to test for the SNMP drs> vulnerability? I've got some hardware out there (Savin printers) that are There is no way, really. These packets are not designed to kill any particular kind of box, just to abuse SNMP. So short of custom designing packets, it'll go belly up. drs> leased (and thus, I have no admin access to them!), and have SNMP drs> on by default. I can test against similar hardware here in the drs> offices, but I'd rather not crash the accounting / office drs> people's favorite copier / printer ;-) I've seen three separate drs> lists of hardware that is vulnerable, but none of them look very drs> complete. This is what after-hours is for ;) Assume it's vulnerable. Everything we've tested (MANY vendors) has died, except for Lucent/Xedia VPN APs. At least Cisco/Juniper/Lucent/etc know how to spell s3kur1ty. I'll bet you that nobody at Savin has ever thought about IP security. They bought an IP/SNMP stack from someone, and just welded it in. Good luck getting patches. You'll spend hours just trying to explain what the problem is ;) drs> (I know, I know - it's a bloody printer. Big deal if it crashes, drs> right? Well, I'll get tired of listenin' to people whine if it's drs> down for even 30 seconds. Plus I figure it might be nice drs> information to pass on if there's a "friendly" way to determine drs> vulnerability.) What're they printing from? I'd check that first. The number of win98/nt/2k hosts listening on SNMP is terrifying. They're gonna whine more if they cannot get to the documents that they want to print. ericb -- Eric Brandwine | Reality is that which, when you stop believing in it, UUNetwork Security | doesn't go away. ericb () uu net | +1 703 886 6038 | - Philip K. Dick Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- new SNMP vuln? Gary Golomb (Feb 07)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
- Re: new SNMP vuln? James (Feb 07)
- Re: new SNMP vuln? H C (Feb 07)
- Re: new SNMP vuln? jason (Feb 12)
- Re: new SNMP vuln? Arthur Donkers (Feb 12)
- SNMP vulnerability test? Davis Ray Sickmon, Jr (Feb 12)
- Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
- Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
- Re: SNMP vulnerability test? Eric Brandwine (Feb 13)
- Re: SNMP vulnerability test? Valdis . Kletnieks (Feb 13)
- Re: SNMP vulnerability test? Chris Ess (Feb 13)
- Re: new SNMP vuln? jason (Feb 12)
- Re: new SNMP vuln? Mike Lewinski (Feb 07)
- <Possible follow-ups>
- RE: new SNMP vuln? Rob Keown (Feb 12)
- Re: new SNMP vuln? Patrick Oonk (Feb 12)