[35085] in North American Network Operators' Group


Warning: Cisco RW community backdoor.

daemon@ATHENA.MIT.EDU (Simon Lyall)
Mon Feb 26 20:56:15 2001

Date: Tue, 27 Feb 2001 14:54:04 +1300 (NZDT)
From: Simon Lyall <simon.lyall@ihug.co.nz>
To: <nanog@merit.edu>
Message-ID: <Pine.LNX.4.30.0102271451340.9277-100000@boggle.ihug.co.nz>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu



It appears that 2500 are not affected.

The fix below doesn't work on 11.1 and 11.2, you have to turn snmp off by
the looks.

Have fun.

----- Forwarded message from "James A. T. Rice" <jamesr@rd.bbc.co.uk> -----

Date: Tue, 27 Feb 2001 00:39:38 +0000 (GMT)
From: "James A. T. Rice" <jamesr@rd.bbc.co.uk>
X-Sender:  <jamesr@inet15>
To: <members@lonap.net>, <ops@linx.net>
Subject: Warning: Cisco RW community backdoor.
Precedence: bulk

If your router responds to `snmpwalk router.isp.net.uk ILMI`, you
probably will want to do the following to disable it:
   conf t
   snmp-server community ILMI RO 99
   access-list 99 deny any log
(pick another spare access-list if 99 isn't available)

If you don't, assuming your ios/hardware combination supports it,
(most of the bigger routers do) anyone can do things like:
          `snmpset router.isp.net.uk ILMI system.sysName.0 s \
          "ALL YOUR ROUTER ARE BELONG TO US."`
That's a harmless example. You can do almost anything with RW snmp.

Warm Regards
James

-- 
James A. T. Rice             | Email: jamesr@rd.bbc.co.uk
Internet Operations Engineer | Phone: 01737 839 737
BBC Internet Services, Kingswood Warren, Tadworth, Surrey, UK.

----- End forwarded message -----
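
Added example, not part of either message: a small offline audit that checks saved IOS configuration text for the workaround quoted above (ILMI community pinned to an access-list that denies everything) and flags the 11.1/11.2 case mentioned in the covering note. The sample configs, the status strings and the function name audit_ilmi are constructed for illustration, and treating "no snmp-server lines" as "SNMP off" is an assumption.

```python
import re

# Constructed sample configs (documentation addresses, not from a real router).
PATCHED = "version 12.0\nsnmp-server community ILMI RO 99\naccess-list 99 deny   any log\n"
UNPATCHED = ("version 12.0\nsnmp-server community s3cret RO 10\n"
             "access-list 10 permit 192.0.2.0 0.0.0.255\n")
WEAK_ACL = ("version 12.0\nsnmp-server community ILMI RO 99\n"
            "access-list 99 permit 192.0.2.0 0.0.0.255\naccess-list 99 deny any log\n")
OLD_IOS = "version 11.2\nsnmp-server community ILMI RO 99\naccess-list 99 deny any log\n"
SNMP_OFF = "version 12.0\nhostname edge1\n"


def audit_ilmi(config: str) -> str:
    """Classify one saved IOS config against the workaround quoted above."""
    # Collapse runs of spaces so "deny   any" and "deny any" compare equal.
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    if not any(l.startswith("snmp-server ") for l in lines):
        return "snmp-off"  # assumption: no snmp-server lines means the agent is off
    version = next((l.split()[1] for l in lines if re.fullmatch(r"version \S+", l)), "")
    if version.startswith(("11.1", "11.2")):
        # Per the covering note, the ACL workaround does not work on these releases.
        return "workaround-unreliable-disable-snmp"
    acl_num = next((m.group(1) for m in
                    (re.fullmatch(r"snmp-server community ILMI RO (\d+)", l) for l in lines)
                    if m), None)
    if acl_num is None:
        return "ilmi-unrestricted"  # community is not pinned to an ACL in this config
    entries = [l.split()[2:] for l in lines if l.split()[:2] == ["access-list", acl_num]]
    if any(e[:1] == ["permit"] for e in entries):
        return "acl-permits-hosts"  # some source address can still use the community
    if any(e[:2] == ["deny", "any"] for e in entries):
        return "ilmi-blocked"
    return "acl-missing"  # the referenced ACL has no deny-any entry in this config


if __name__ == "__main__":
    for name, cfg in [("patched", PATCHED), ("unpatched", UNPATCHED),
                      ("weak-acl", WEAK_ACL), ("old-ios", OLD_IOS), ("snmp-off", SNMP_OFF)]:
        print(f"{name:10s} {audit_ilmi(cfg)}")
```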