Warning: Cisco RW community backdoor.

Stephen Griffin stephen.griffin at rcn.com
Tue Feb 27 03:53:34 UTC 2001


In the referenced message, Sean Donelan said:
> 
> > ----- Forwarded message from "James A. T. Rice" <jamesr at rd.bbc.co.uk> -----
> > If your router responds to `snmpwalk router.isp.net.uk ILMI`, you
> > probabally will want to do the following to disable it:
> >    conf t
> >    snmp-server community ILMI RO 99
> >    access-list 99 deny any log
> > (pick another spare access-list if 99 isn't available)
> 
> should be RW not RO
> 
> Anyone with a Smartnet contract have a response from Cisco yet?  I really
> need to get my own Smartnet number.

Cisco was supposed to announce the data tomorrow as I understand it, the
leaks (as they often do) just made the word-of-mouth->closed lists->open
lists trek far quicker.

I'm a bit surprised, however, that it took this long. First rumblings
I heard were weeks ago, in response to it poking up in a "show snmp group".





More information about the NANOG mailing list