nanog mailing list archives

Re: Operational Impact of CA-2002-03 ?


From: Sean Donelan <sean () donelan com>
Date: Thu, 14 Feb 2002 13:45:12 -0500 (EST)



So far no one has told me they've been hit.  And to follow up, because
self-reporting isn't that accurate, I have not seen any operational impact
due to someone exploiting, or attempting to exploit SNMP.  So far most of
the problems I've tracked down in the last 72 hours have been due to
unrelated problems or network operators rushing to patch or block SNMP.
According to notes sent/forwarded to me, several network operators have
blocked SNMP ports in their hosting facilities either permanently or for
a few days while folks figure out what to do.

I have not seen any gaps in most MRTG data (which uses SNMP) graphs
displayed on providers' web sites.  The RIPE, Telstra, Keynote, Matrix, etc.
global network data graphs don't appear out of the ordinary.

On Thu, 14 Feb 2002, Frank B. Scalzo wrote:
Has anyone seen any discernable operational impact from CA-2002-03? Things
like: increase in SNMP probes, increase in BGP churn due to outside networks
being affected, customer complaints, increase in number of customer flaps,
anyone willing to admit to being directly impacted, anyone willing to admit
surviving an attempt, does anyone have any evidence of an actual exploit,
any evidence that people wearing the wrong color hats are using this or
trying to?

