Is my router owned? How would I know?

• Previous message (by thread): Is my router owned? How would I know?
• Next message (by thread): Is my router owned? How would I know?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 12 Jan 2006, Rob Thomas wrote:

> If there are new or changed SNMP RW community strings, look out!

If you have any SNMP v1/v2 RW communities what so ever, you're likely to 
be owned, at least if they're common to several units in your network and 
you don't limit what part of the tree the RW communities can access.

Seems like a common attack vector is to send SNMP WRITE and upload the 
router configuration to a hacked tftp server, and then iterate thru the 
network as a lot of people have a single SNMP WRITE community in their 
network.

-- 
Mikael Abrahamsson    email: swmike at swm.pp.se

• Previous message (by thread): Is my router owned? How would I know?
• Next message (by thread): Is my router owned? How would I know?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]