Penetration Testing mailing list archives

RE: Routes that are susceptible to SNMP

From: "Rob Shein" <shoten () starpower net>
Date: Tue, 4 Feb 2003 19:21:47 -0500

Your question had some ambiguity, so I present you with "if, then, else"
answers:

By "susceptible to snmp with a community string of public," is that
read-write access or read only?  And if read-only, have you seen if you get
read-write by using "private" as a community string?  Either way it's bad,
but at least with read-only you can't start CHANGING things on them.

By "how dangerous this is," do you mean the fact that snmp is available to
the outside world with a default community string, or that people can look
at the ARP table?  The ARP table info is a tad useful to an attacker in
conjunction with other things, but the openness of the router is the real
nightmare, and obviously it becomes like "Nightmare on Ascend Street" if you
have read-write access from the internet via defaults.

-----Original Message-----
From: Rod Strader [mailto:Strader () doeren com] 
Sent: Tuesday, February 04, 2003 1:55 PM
To: pen-test () securityfocus com
Subject: Routes that are susceptible to SNMP 

Good day everyone,

I am currently on a vulnerability assessment gig and found 
that a router on the way to my clients target is susceptible 
to snmp with a community string of public.  This device when 
looking at it shows the arp table having my clients targets 
IP address in it.  What is the general consensus of how 
dangerous this is to my client.  I don't know if I can change 
anything with same community string but I can review all the 
information on the device. Here is some of the information I 
found walking the mib:

Description: Ascend Max-1800 BRI S/N: 8371001 Software +6.0.10+

This device appears to be the gateway router before their 
email server. The arp table still has the target in it.  

Please comment!

Rod Strader

--------------------------------------------------------------
--------------
This list is provided by the SecurityFocus Security 
Intelligence Alert (SIA) Service. For more information on 
SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

RE: Routes that are susceptible to SNMP Rod Strader (Feb 05)
- RE: Routes that are susceptible to SNMP Pete Herzog (Feb 06)
- RE: Routes that are susceptible to SNMP Rob Shein (Feb 06)
- <Possible follow-ups>
- Routes that are susceptible to SNMP Rod Strader (Feb 05)
  - RE: Routes that are susceptible to SNMP Rob Shein (Feb 05)
  - Re: Routes that are susceptible to SNMP Iñigo González Ponce (Feb 05)