[35098] in North American Network Operators' Group
Re: Warning: Cisco RW community backdoor.
daemon@ATHENA.MIT.EDU (Stephen Griffin)
Mon Feb 26 23:12:36 2001
Message-Id: <200102270353.WAA13105@elektra.ultra.net>
In-Reply-To: <20010227024731.20734.cpmta@c004.sfo.cp.net> from Sean Donelan at "Feb 26, 2001 06:47:31 pm"
To: nanog@merit.edu
Date: Mon, 26 Feb 2001 22:53:34 -0500 (EST)
From: Stephen Griffin <stephen.griffin@rcn.com>
In the referenced message, Sean Donelan said:
>
> > ----- Forwarded message from "James A. T. Rice" <jamesr@rd.bbc.co.uk> -----
> > If your router responds to `snmpwalk router.isp.net.uk ILMI`, you
> > probably will want to do the following to disable it:
> > conf t
> > snmp-server community ILMI RO 99
> > access-list 99 deny any log
> > (pick another spare access-list if 99 isn't available)
>
> should be RW not RO
>
> Anyone with a Smartnet contract have a response from Cisco yet? I really
> need to get my own Smartnet number.
Cisco was supposed to announce the data tomorrow as I understand it; the
leaks (as they often do) just made the word-of-mouth->closed lists->open
lists trek far quicker.

I'm a bit surprised, however, that it took this long. First rumblings
I heard were weeks ago, in response to it poking up in a "show snmp group".
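
An added example, not part of the original thread: a small Python audit that checks saved IOS-style configuration text for the workaround quoted above (the ILMI community bound to a standard access-list that denies everything, with the RW correction from the reply). The function name, finding messages and sample configs are constructed for illustration, and only numbered standard access-list lines are understood.

```python
import re

# Constructed sample configs (not taken from any real device).
MITIGATED = """\
snmp-server community ILMI RW 99
access-list 99 deny any log
"""
WRONG_MODE = """\
snmp-server community ILMI RO 99
access-list 99 deny any log
"""
OPEN_ACL = """\
snmp-server community ILMI RW 98
access-list 98 permit 192.0.2.0 0.0.0.255
access-list 98 deny any log
"""

COMMUNITY = re.compile(r"^snmp-server community (\S+)\s+(RO|RW)(?:\s+(\d+))?\s*$", re.I)
ACL = re.compile(r"^access-list (\d+)\s+(permit|deny)\s+(.+?)\s*$", re.I)

def audit_ilmi(config):
    """Return a list of findings for the ILMI community; empty means the workaround is in place."""
    communities, acls = {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := COMMUNITY.match(line):
            # Community strings are case-sensitive, so the name is kept as written.
            communities[m.group(1)] = (m.group(2).upper(), m.group(3))
        elif m := ACL.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2).lower(), m.group(3)))
    if "ILMI" not in communities:
        return ["ILMI community not configured explicitly; workaround absent"]
    mode, acl = communities["ILMI"]
    findings = []
    if mode != "RW":
        findings.append(f"ILMI defined as {mode}; the thread's correction says RW")
    if acl is None:
        findings.append("ILMI community has no access-list bound")
    elif acl not in acls:
        findings.append(f"access-list {acl} is referenced but not defined")
    else:
        entries = acls[acl]
        if any(action == "permit" for action, _ in entries):
            findings.append(f"access-list {acl} contains a permit entry")
        if not any(a == "deny" and s.split()[0] == "any" for a, s in entries):
            findings.append(f"access-list {acl} has no 'deny any' entry")
    return findings
```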