1) Workaround provided by James is incorrect. You need RW not RO.
2) People only have access to the system mib (do a snmpwalk w/ that community to see vulnerable objects)
This means someone can a) change router system name, b) location or c) contact.

- Jared

On Tue, Feb 27, 2001 at 02:54:04PM +1300, Simon Lyall wrote:
It appears that 2500 are not affected.
The fix below doesn't work on 11.1 and 11.2, you have to turn snmp off by the looks.
have fun.
----- Forwarded message from "James A. T. Rice" <jamesr@rd.bbc.co.uk> -----
Date: Tue, 27 Feb 2001 00:39:38 +0000 (GMT)
From: "James A. T. Rice" <jamesr@rd.bbc.co.uk>
X-Sender: <jamesr@inet15>
To: <members@lonap.net>, <ops@linx.net>
Subject: Warning: Cisco RW community backdoor.
Precedence: bulk

If your router responds to `snmpwalk router.isp.net.uk ILMI`, you probably will want to do the following to disable it:

    conf t
    snmp-server community ILMI RO 99
    access-list 99 deny any log

(pick another spare access-list if 99 isn't available)

If you don't, assuming your ios/hardware combination supports it, (most of the bigger routers do) anyone can do things like:

    snmpset router.isp.net.uk ILMI system.sysName.0 s \
        "ALL YOUR ROUTER ARE BELONG TO US."

That's a harmless example. You can do almost anything with RW snmp.
Warm Regards
James

--
James A. T. Rice             | Email: jamesr@rd.bbc.co.uk
Internet Operations Engineer | Phone: 01737 839 737
BBC Internet Services, Kingswood Warren, Tadworth, Surrey, UK.
----- End forwarded message -----
--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++;     | http://puck.nether.net/~jared/ My statements are only mine.
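
A config-text check for the workaround discussed in this thread, added here as an example and not part of any poster's message: following Jared's correction (RW, not RO), it reports whether the ILMI community's RW line is bound to an access-list that only denies. The function name and the sample configs are constructed for illustration; it inspects config text only and does not cover the IOS versions where, per Simon, the workaround does not apply.

```python
import re

# Constructed sample configs (not captured from a real device).
CONFIG_RO = "snmp-server community ILMI RO 99\naccess-list 99 deny any log\n"
CONFIG_RW = "snmp-server community ILMI RW 99\naccess-list 99 deny any log\n"
CONFIG_PERMIT = ("snmp-server community ILMI RW 99\n"
                 "access-list 99 permit 192.0.2.0 0.0.0.255\n"
                 "access-list 99 deny any log\n")

COMMUNITY_RE = re.compile(
    r"^snmp-server community (\S+)(?: view \S+)? (RO|RW)(?: (\d+))?[ \t]*$",
    re.I | re.M)
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) ", re.I | re.M)


def audit_community(config, community="ILMI"):
    """Return (ok, reason): is `community` pinned to a deny-only ACL for RW?"""
    # Collect which actions each numbered access-list contains.
    acl_actions = {}
    for number, action in ACL_RE.findall(config):
        acl_actions.setdefault(number, set()).add(action.lower())

    # Only RW lines count: per Jared's reply, an RO line is not the fix.
    rw_acls = [m.group(3) for m in COMMUNITY_RE.finditer(config)
               if m.group(1) == community and m.group(2).upper() == "RW"]
    if not rw_acls:
        return False, "no RW line for this community"
    for acl in rw_acls:
        if acl is None:
            return False, "RW line has no access-list"
        if acl not in acl_actions:
            return False, f"access-list {acl} is not defined"
        if "permit" in acl_actions[acl]:
            return False, f"access-list {acl} permits some sources"
    return True, "RW line bound to deny-only access-list"


if __name__ == "__main__":
    for name, cfg in [("RO workaround", CONFIG_RO),
                      ("RW correction", CONFIG_RW),
                      ("ACL with permit", CONFIG_PERMIT)]:
        print(name, audit_community(cfg))
```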