Re: Warning: Cisco RW community backdoor.
----- Forwarded message from "James A. T. Rice" <jamesr@rd.bbc.co.uk> ----- If your router responds to `snmpwalk router.isp.net.uk ILMI`, you probabally will want to do the following to disable it: conf t snmp-server community ILMI RO 99 access-list 99 deny any log (pick another spare access-list if 99 isn't available)
should be RW not RO Anyone with a Smartnet contract have a response from Cisco yet? I really need to get my own Smartnet number.
Interesting enough, I tried this on a dozen routers and not a peep out of one. All running new 12.0 or 12.1. Jason --- Jason Slagle - CCNA - CCDA Network Administrator - Toledo Internet Access - Toledo Ohio - raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172 /"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \ / ASCII Ribbon Campaign . If dreams are like movies then memories X - NO HTML/RTF in e-mail . are films about ghosts.. / \ - NO Word docs in e-mail . - Adam Duritz - Counting Crows On 26 Feb 2001, Sean Donelan wrote:
----- Forwarded message from "James A. T. Rice" <jamesr@rd.bbc.co.uk> ----- If your router responds to `snmpwalk router.isp.net.uk ILMI`, you probabally will want to do the following to disable it: conf t snmp-server community ILMI RO 99 access-list 99 deny any log (pick another spare access-list if 99 isn't available)
should be RW not RO
Anyone with a Smartnet contract have a response from Cisco yet? I really need to get my own Smartnet number.
Same here - no response from our Cisco's - all 12.x stuff. Any idea what is actually affected? Mark Radabaugh VP, Amplex (419)833-3635 mark@amplex.net
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Jason Slagle Sent: Monday, February 26, 2001 10:02 PM To: Sean Donelan Cc: nanog@merit.edu Subject: Re: Warning: Cisco RW community backdoor.
Interesting enough, I tried this on a dozen routers and not a peep out of one. All running new 12.0 or 12.1.
Jason
Cisco 12.1(1a) seems to have it: groupname: ILMI security model:v1 readview :v1default writeview: v1default notifyview: <no notifyview specified> row status: active access-list: 99 groupname: ILMI security model:v2c readview :v1default writeview: v1default notifyview: <no notifyview specified> row status: active access-list: 99 Deepak Jain AiNET -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Mark Radabaugh Sent: Monday, February 26, 2001 11:22 PM To: nanog@merit.edu Subject: RE: Warning: Cisco RW community backdoor. Same here - no response from our Cisco's - all 12.x stuff. Any idea what is actually affected? Mark Radabaugh VP, Amplex (419)833-3635 mark@amplex.net
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Jason Slagle Sent: Monday, February 26, 2001 10:02 PM To: Sean Donelan Cc: nanog@merit.edu Subject: Re: Warning: Cisco RW community backdoor.
Interesting enough, I tried this on a dozen routers and not a peep out of one. All running new 12.0 or 12.1.
Jason
A table of IOS with the "feature" and without the "feature" will be made public today. Regards, Chris Hallman NSE NSP North Florida 3660 Maguire Blvd., Suite 200 Orlando, Fl. 32803 407-897-8744 office 407-903-7591 off-site office 800-365-4578 pager email: mailto:challman@cisco.com -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Jason Slagle Sent: Monday, February 26, 2001 10:02 PM To: Sean Donelan Cc: nanog@merit.edu Subject: Re: Warning: Cisco RW community backdoor. Interesting enough, I tried this on a dozen routers and not a peep out of one. All running new 12.0 or 12.1. Jason --- Jason Slagle - CCNA - CCDA Network Administrator - Toledo Internet Access - Toledo Ohio - raistlin@tacorp.net - jslagle@toledolink.com - WHOIS JS10172 /"\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . \ / ASCII Ribbon Campaign . If dreams are like movies then memories X - NO HTML/RTF in e-mail . are films about ghosts.. / \ - NO Word docs in e-mail . - Adam Duritz - Counting Crows On 26 Feb 2001, Sean Donelan wrote:
----- Forwarded message from "James A. T. Rice"
<jamesr@rd.bbc.co.uk> -----
If your router responds to `snmpwalk router.isp.net.uk ILMI`, you probabally will want to do the following to disable it: conf t snmp-server community ILMI RO 99 access-list 99 deny any log (pick another spare access-list if 99 isn't available)
should be RW not RO
Anyone with a Smartnet contract have a response from Cisco yet? I really need to get my own Smartnet number.
In the referenced message, Sean Donelan said:
----- Forwarded message from "James A. T. Rice" <jamesr@rd.bbc.co.uk> ----- If your router responds to `snmpwalk router.isp.net.uk ILMI`, you probabally will want to do the following to disable it: conf t snmp-server community ILMI RO 99 access-list 99 deny any log (pick another spare access-list if 99 isn't available)
should be RW not RO
Anyone with a Smartnet contract have a response from Cisco yet? I really need to get my own Smartnet number.
Cisco was supposed to announce the data tomorrow as I understand it, the leaks (as they often do) just made the word-of-mouth->closed lists->open lists trek far quicker. I'm a bit surprised, however, that it took this long. First rumblings I heard were weeks ago, in response to it poking up in a "show snmp group".
participants (6)
-
Chris Hallman -
Deepak Jain -
Jason Slagle -
Mark Radabaugh -
Sean Donelan -
Stephen Griffin