Serious security vulnerability in SNMP

[spidey07]

Keep in mind that you can easily enable SNMP on devices without really knowing it. Everyone should check their machines/servers. Routers/switches are also vulnerable. Heck, seems like most all SNMP agents are affected.

cert advisory

 

[mboy]

I have a cisco 1005 at work. How do I know if I have SNMP enabled, what happens if I turn it off and how do I? I have a T1 into the router, then into an old WhistleWare/IBM Interjet mailserver/firewall into my 5 24 port hubs (I know, I know 5 -24 port 100mbps unmanaged switches going in next week , then running to my NT4.0 network. All IP's are static, no DHCP is being used.
THANX

 

[spidey07]

SNMP is not enabled by default on cisco routers (that I know of). In the link above there is another link to cisco's incidet page.

look for commands in your config like...
snmp community public ro
snmp community private rw

I think you also check with the "show snmp" command

 

[mboy]

Yep, did the show snmp one before and said: % snmp not enabled. I would imagine this means I am safe correct?

 

[Woodie]

Is anyone seeing any signs of attacks or probes?

None here...

 

[RagManX]

Haven't seen any here, but we have to scan our whole network, just in case. As a reminder to anyone scanning their network, remember that SNMP can run of TCP or UDP, so you have to scan both when running through the ports.

RagManX