North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Is my router owned? How would I know?
- From: Mikael Abrahamsson
- Date: Thu Jan 12 17:11:06 2006
On Thu, 12 Jan 2006, Rob Thomas wrote:
If you have any SNMP v1/v2 RW communities what so ever, you're likely to
be owned, at least if they're common to several units in your network and
you don't limit what part of the tree the RW communities can access.
If there are new or changed SNMP RW community strings, look out!
Seems like a common attack vector is to send SNMP WRITE and upload the
router configuration to a hacked tftp server, and then iterate thru the
network as a lot of people have a single SNMP WRITE community in their
Mikael Abrahamsson email: email@example.com