Warning: Cisco RW community backdoor.

Eric Germann ekgermann at cctec.com
Tue Feb 27 05:08:32 UTC 2001


Taking Seans input is confusing.  The 3640 doesn't have an ATM interface (running IP Plus though).  The 3662 does (T1 IMA Card) and it locks up (refuses logins and spikes a CPU fever).  

At 11:30 PM 2/26/01 -0500, Eric Germann wrote:

>Cursory testing shows 16xx, 17xx, 26xx and 25xx don't seem to respond to it running various revs from 11.x to 12.1.  
>
>3640 running 12.0.1T coughs up the info.
>
>3662 running 12.1(3a)T acts really goofy.  Had to reboot the router to fix it (test point).  CPU at 100%.
>
>
>At 09:48 PM 2/26/01 -0500, Jared Mauch wrote:
>
>>        I was told by Cisco it should be RW.  (To override the builtin
>>one).
>>
>>        I never ran a test w/ RO so was speaking from that
>>data.
>>
>>        If you get some message about the "community/party" exists
>>or something like that, put this in:
>>
>>no snmp-server view *ilmi
>>
>>        It doesn't get saved in the config, so if you machine generate
>>your nvram:startup-config, you're ok, if you do not, you will
>>need to re-add it each time you reboot.
>>
>>        - Jared
>>
>>On Mon, Feb 26, 2001 at 06:43:40PM -0800, John Payne wrote:
>>> On Mon, Feb 26, 2001 at 09:06:51PM -0500, Jared Mauch wrote:
>>> > 
>>> >     1) Workaround provided by James is incorrect.  You need RW not
>>> > RO.
>>> 
>>> No, you only need to specify RO... at least according to the tests I've
>>> just run.  As I understand it you're overriding a built in community.
>>> 
>>> 
>>> -- 
>>> John Payne      http://www.sackheads.org/jpayne/    john at sackheads.org
>>> http://www.sackheads.org/uce/                    Fax: +44 870 0547954
>>>         To send me mail, use the address in the From: header
>>
>>-- 
>>Jared Mauch  | pgp key available via finger from jared at puck.nether.net
>>clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
>
>
>==========================================================================
>  Eric Germann                                        Inacom Info Systems
>  egermann at inacomlima.com                             Lima, OH 45801
>                                                      Ph:  419 331 9050
>  ICQ:  41927048                                      Fax: 603 825 5893
>
>"It is so easy to miss pretty trivial solutions to problems deemed
>complicated.  The goal of a scientist is to find an interesting problem,
>and live off it for a while.  The goal of an engineer is to evade
>interesting problems :)"  -- Vadim Antonov <avg at kotovnik.com> on NANOG


==========================================================================
  Eric Germann                                        Inacom Info Systems
  egermann at inacomlima.com                             Lima, OH 45801
                                                      Ph:  419 331 9050
  ICQ:  41927048                                      Fax: 603 825 5893

"It is so easy to miss pretty trivial solutions to problems deemed
complicated.  The goal of a scientist is to find an interesting problem,
and live off it for a while.  The goal of an engineer is to evade
interesting problems :)"  -- Vadim Antonov <avg at kotovnik.com> on NANOG





More information about the NANOG mailing list