Warning: Cisco RW community backdoor.
Omachonu Ogali
missnglnk at informationwave.net
Tue Feb 27 04:37:07 UTC 2001
On Mon, Feb 26, 2001 at 11:06:42PM -0500, John Fraizer wrote:
>
> On 26 Feb 2001, Sean Donelan wrote:
>
> >
> > It appears more than one vendor shared the same SNMP library (or
> > SNMP programmer). Folks have sent me evidence at least two other
> > vendor's equipment has similar responses to the same SNMP community
> > string ILMI.
> >
> > However, there are other non-related SNMP issues. Many SNMP
> > implementations included the default community strings "public"
> > and "private". If the operator doesn't change them, the defaults
> > may still work. The other common SNMP implementation issue is if
> > no community string is specified, the SNMP agent accepts any
> > community string.
> >
> > If you are checking your network, I'd suggest checking for all
> > three possibilities.
> >
> >
> >
>
> IMHO, if no communities are supplied, the SNMP daemon should not respond
> at all.
>
> While I agree that "public" and "private" are "wellknowns," in most
> implementations, they at least show up in the code. Cisco chose to hide
> this one where it would not show up in the code. That IMHO is a very bad
> thing and does bad things to my confidence level in Cisco.
Please, stop the damn FUD, how do you know it wasn't accidentally left
in by a programmer doing debugging? I bet you assume all buffer overflows
are purposely put in also, eh? Sure. I expect it to cut back on your
confidence in Cisco IOS, but also, what's this noise about code? Do you
happen to have a hold on IOS source code or something that you personally
audit?
> ---
> John Fraizer
> EnterZone, Inc
>
>
>
--
Omachonu Ogali
missnglnk at informationwave.net
http://www.informationwave.net
More information about the NANOG
mailing list