|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Warning: Cisco RW community backdoor.
1) Workaround provided by James is incorrect. You need RW not RO. 2) People only have access to the system mib (do a snmpwalk w/ that community to see vulnerable objects) This means someone can a) change router system name, b) location or c) contact. - Jared On Tue, Feb 27, 2001 at 02:54:04PM +1300, Simon Lyall wrote: > > > It appears that 2500 are not affected. > > The fix below doesn't work on 11.1 and 11.2 , you have to turn snmp off by > the looks. > > have fun. > > ----- Forwarded message from "James A. T. Rice" <[email protected]> ----- > > Date: Tue, 27 Feb 2001 00:39:38 +0000 (GMT) > From: "James A. T. Rice" <[email protected]> > X-Sender: <[email protected]> > To: <[email protected]>, <[email protected]> > Subject: Warning: Cisco RW community backdoor. > Precedence: bulk > > If your router responds to `snmpwalk router.isp.net.uk ILMI`, you > probabally will want to do the following to disable it: > conf t > snmp-server community ILMI RO 99 > access-list 99 deny any log > (pick another spare access-list if 99 isn't available) > > If you dont, assuming your ios/hardware combination supports it, > (most of the bigger routers do) anyone can do things like: > `snmpset router.isp.net.uk ILMI system.sysName.0 s \ > "ALL YOUR ROUTER ARE BELONG TO US."` > Thats a harmless example. You can do almost anything with RW snmp. > > Warm Regards > James > > -- > James A. T. Rice | Email: [email protected] > Internet Operations Engineer | Phone: 01737 839 737 > BBC Internet Services, Kingswood Warren, Tadworth, Surrey, UK. > > ----- End forwarded message ----- > --------- > To unsubscribe from nznog, send email to [email protected] > where the body of your message reads: > unsubscribe nznog > > > -- Jared Mauch | pgp key available via finger from [email protected] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
|