[35096] in North American Network Operators' Group
Re: Warning: Cisco RW community backdoor.
daemon@ATHENA.MIT.EDU (Sean Donelan)
Mon Feb 26 22:56:39 2001
Date: 26 Feb 2001 19:44:26 -0800
Message-ID: <20010227034426.7837.cpmta@c004.sfo.cp.net>
Content-Type: text/plain
Content-Disposition: inline
Mime-Version: 1.0
To: nanog@merit.edu
From: Sean Donelan <sean@donelan.com>
Errors-To: owner-nanog-outgoing@merit.edu
It appears more than one vendor shared the same SNMP library (or
SNMP programmer). Folks have sent me evidence at least two other
vendor's equipment has similar responses to the same SNMP community
string ILMI.
However, there are other non-related SNMP issues. Many SNMP
implementations included the default community strings "public"
and "private". If the operator doesn't change them, the defaults
may still work. The other common SNMP implementation issue is if
no community string is specified, the SNMP agent accepts any
community string.
If you are checking your network, I'd suggest checking for all
three possibilities.
