North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Warning: Cisco RW community backdoor.
On Mon, Feb 26, 2001 at 11:06:42PM -0500, John Fraizer wrote: > > On 26 Feb 2001, Sean Donelan wrote: > > > > > It appears more than one vendor shared the same SNMP library (or > > SNMP programmer). Folks have sent me evidence at least two other > > vendor's equipment has similar responses to the same SNMP community > > string ILMI. > > > > However, there are other non-related SNMP issues. Many SNMP > > implementations included the default community strings "public" > > and "private". If the operator doesn't change them, the defaults > > may still work. The other common SNMP implementation issue is if > > no community string is specified, the SNMP agent accepts any > > community string. > > > > If you are checking your network, I'd suggest checking for all > > three possibilities. > > > > > > > > IMHO, if no communities are supplied, the SNMP daemon should not respond > at all. > > While I agree that "public" and "private" are "wellknowns," in most > implementations, they at least show up in the code. Cisco chose to hide > this one where it would not show up in the code. That IMHO is a very bad > thing and does bad things to my confidence level in Cisco. Please, stop the damn FUD, how do you know it wasn't accidentally left in by a programmer doing debugging? I bet you assume all buffer overflows are purposely put in also, eh? Sure. I expect it to cut back on your confidence in Cisco IOS, but also, what's this noise about code? Do you happen to have a hold on IOS source code or something that you personally audit? > --- > John Fraizer > EnterZone, Inc > > > -- Omachonu Ogali [email protected] http://www.informationwave.net
|