Penetration Testing mailing list archives

Re: snmp

From: Frank Knobbe <frank () knobbe us>
Date: Mon, 27 Sep 2004 17:19:14 -0500

On Fri, 2004-09-24 at 15:39, R. DuFresne wrote:

You start by getting yer "get out of jail free card" from mgt.  If you
lack that, you are likely to get fired and then prosecuted.



I didn't read it like you did. It seemed to me that Juan wanted a tool
that lists some info retrieved via SNMP Gets. With that list we would
approach management, showing that you can query interface tables, etc,
with a community string of "public".

I didn't think that he wanted to "break into" and systems, or otherwise
"pentest" it (even though he used that word in his request. Improper use
of "pentest" in my book).

I don't think he needs management approval or a JOOJF card to just list
some stuff with snmpwalk. After all, the information is "public", right?

As long as he doesn't circumvent counter-measures he should be fine.
After all, he is the one responsible for security in his company. He
would be one handing out the JOOJF cards ;)

Cheers,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Re: snmp, (continued)
- Re: snmp Max (Sep 24)
  - Re: snmp R. DuFresne (Sep 27)
- Re: snmp Frank Knobbe (Sep 24)
- Re: snmp Vijay Kumar (Sep 25)
- RE: snmp Victor Chapela (Sep 25)
- RE: snmp Dom (Sep 25)
- RE: snmp Alexandre Skyrme (Sep 26)
- Re: snmp R. DuFresne (Sep 27)
  - Re: snmp DokFLeed (Sep 27)
    - RE: snmp Mike (Sep 29)
  - Re: snmp Frank Knobbe (Sep 28)
    - Re: snmp R. DuFresne (Sep 28)
- RE: snmp Jeff Gercken (Sep 24)
- RE: snmp Burnett, Robert (Sep 24)
- Re: snmp H Carvey (Sep 24)
- RE: snmp Guillaume Lavoix (Sep 24)
- RE: snmp Todd Towles (Sep 24)
- RE: snmp Christopher Adickes (Sep 24)
- Re:snmp Ghaith Nasrawi (Sep 27)
  - Re: Re:snmp Jose Maria Lopez (Sep 28)
- RE: snmp Harper, Patrick (Sep 28)

(Thread continues...)