[35122] in North American Network Operators' Group
Re: Warning: Cisco RW community backdoor.
daemon@ATHENA.MIT.EDU (Owen DeLong)
Tue Feb 27 11:52:52 2001
Date: Tue, 27 Feb 2001 08:48:08 -0800
From: owen@dixon.delong.sj.ca.us (Owen DeLong)
Message-Id: <200102271648.IAA05130@irkutsk.delong.sj.ca.us>
To: nanog@merit.edu, simon.lyall@ihug.co.nz
Errors-To: owner-nanog-outgoing@merit.edu
It applies to 12.0 and later, so testing it on an 11.x router doesn't
help.
Owen
>
>
> It appears that 2500 are not affected.
>
> The fix below doesn't work on 11.1 and 11.2 , you have to turn snmp off by
> the looks.
>
> have fun.
>
> ----- Forwarded message from "James A. T. Rice" <jamesr@rd.bbc.co.uk> -----
>
> Date: Tue, 27 Feb 2001 00:39:38 +0000 (GMT)
> From: "James A. T. Rice" <jamesr@rd.bbc.co.uk>
> X-Sender: <jamesr@inet15>
> To: <members@lonap.net>, <ops@linx.net>
> Subject: Warning: Cisco RW community backdoor.
> Precedence: bulk
>
> If your router responds to `snmpwalk router.isp.net.uk ILMI`, you
> probabally will want to do the following to disable it:
> conf t
> snmp-server community ILMI RO 99
> access-list 99 deny any log
> (pick another spare access-list if 99 isn't available)
>
> If you dont, assuming your ios/hardware combination supports it,
> (most of the bigger routers do) anyone can do things like:
> `snmpset router.isp.net.uk ILMI system.sysName.0 s \
> "ALL YOUR ROUTER ARE BELONG TO US."`
> Thats a harmless example. You can do almost anything with RW snmp.
>
> Warm Regards
> James
>
> --
> James A. T. Rice | Email: jamesr@rd.bbc.co.uk
> Internet Operations Engineer | Phone: 01737 839 737
> BBC Internet Services, Kingswood Warren, Tadworth, Surrey, UK.
>
> ----- End forwarded message -----
> ---------
> To unsubscribe from nznog, send email to majordomo@list.waikato.ac.nz
> where the body of your message reads:
> unsubscribe nznog
>
>
>
>
>
