Warning: Cisco RW community backdoor.
Chris Hallman
challman at cisco.com
Tue Feb 27 06:25:41 UTC 2001
Yes, the info is due to be made public today. We have been making personal
calls to numerous ISPs as early of 2/20.
Regards,
Chris Hallman
NSE NSP North Florida
3660 Maguire Blvd., Suite 200
Orlando, Fl. 32803
407-897-8744 office
407-903-7591 off-site office
800-365-4578 pager
email: mailto:challman at cisco.com
-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu]On Behalf Of
John Fraizer
Sent: Monday, February 26, 2001 11:07 PM
To: Sean Donelan
Cc: nanog at merit.edu
Subject: Re: Warning: Cisco RW community backdoor.
On 26 Feb 2001, Sean Donelan wrote:
>
> It appears more than one vendor shared the same SNMP library (or
> SNMP programmer). Folks have sent me evidence at least two other
> vendor's equipment has similar responses to the same SNMP community
> string ILMI.
>
> However, there are other non-related SNMP issues. Many SNMP
> implementations included the default community strings "public"
> and "private". If the operator doesn't change them, the defaults
> may still work. The other common SNMP implementation issue is if
> no community string is specified, the SNMP agent accepts any
> community string.
>
> If you are checking your network, I'd suggest checking for all
> three possibilities.
>
>
>
IMHO, if no communities are supplied, the SNMP daemon should not respond
at all.
While I agree that "public" and "private" are "wellknowns," in most
implementations, they at least show up in the code. Cisco chose to hide
this one where it would not show up in the code. That IMHO is a very bad
thing and does bad things to my confidence level in Cisco.
---
John Fraizer
EnterZone, Inc
More information about the NANOG
mailing list