[8578] in bugtraq
Re: ISS Security Advisory: Hidden community string in SNMP
daemon@ATHENA.MIT.EDU (sugarat)
Mon Nov 16 23:58:04 1998
Date: Mon, 16 Nov 1998 16:49:58 -0500
Reply-To: sugarat <sugarat@THUNDERHOLD.SUGARAT.NET>
From: sugarat <sugarat@THUNDERHOLD.SUGARAT.NET>
X-To: "Matt M. Morris" <mmorris@ops.com>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Message from "Matt M. Morris" <mmorris@ops.com> of "Mon, 16 Nov
1998 15:25:28 EST." <3.0.5.32.19981116152528.00895920@ops.com>
>
>
> I am seeing the same results on a 2.6 and a 2.5.1 system with B.5.01 NNM
> installed.
>
> matt
Do you only see the output when you are on the local machine?
How about from spoofed 127.0.0.1 packets? Is sending a reset from 127.0.0.1
enough to make hte host think it is the local machine?
If so, then a local firewall, not permitting 127 packets from outside the
machine is necessary, and even then you better trust the people who have
access to the box itself.
We have tried a box, Solaris 2.6 patched to current (current as of september),
that is running the default Sun snmpd binary. The hidden community
"all private" worked from local and remote machines.
I'm not quite sure what we're going to do about this, but on non critical
boxes, ie: the ones we watch only for cold start traps, we have turned of
snmpd and use shell scripts that call snmptrap to send the traps we need to
receive.
If anybody else has any solutions, I'm sure we'd all love to hear them.
-Tim
--
Timothy Kennedy | Erol's Internet Service
Network Administrator | 1-703-321-8000 ext. 2224
sugarat@erols.com | http://www.erols.com
