CDROM-Guide forums

Go Back   CDROM-Guide forums > Main Forums > Open to All Computer Related Topics > Computer Networking & Security
FAQ Calendar Mark Forums Read
Open   CSec   Data   DevDrv   CoOp   Audio   CDRW   CDG   VCD   DVD   HD DVD   Mac   VGB   PS2   DC   Xbox  


 
 
Thread Tools Display Modes
  #1  
Old Feb 13, 2002, 11:01 AM
uk_trader uk_trader is offline
Veteran
 
Join Date: Dec 2001
Location: United Kingdom
Posts: 1,103
Default Biggest threat in net history

sponsored links

 
Security watchers are advising users to protect their networks following one of the biggest security threats in internet history.
Hundreds or even thousands of different devices that rely on Simple Network Management Protocol (SNMP) have been found to be vulnerable to security compromises.

The biggest problem is that so many devices - including routers, switches, servers, cable modems and firewalls - use vulnerable SNMP installations which could be exploited to crash or compromise systems.

Internet Security Systems X-Force director Chris Rouland warned: "The SNMP vulnerabilities pose a potentially serious threat to IT infrastructures.

"Although the magnitude of vulnerability this issue creates is unclear at this time, the existence of dangerous attack tools in the computer underground that enable attackers to take advantage of these vulnerabilities poses an immediate threat.

"We caution all users to take action to minimise their potential risk."

Security newswires are awash with information on locking down systems to guard against the threat. Rouland advised locking down managed routers with access to control lists, and installing firewalls with rules that allow only authorised IP addresses, whether inbound or outbound.

Users should also turn off SNMP in all cases where it is not required, and put in place anti-spoofing rules so that packets cannot be inserted from outside the network.

This also applies to any spoofing outbound from the network. Apply this rule to all devices on the network whether or not they face the internet.

Users connecting to the web via an internet service provider should contact their modem or router vendor for security measures. They are also advised to consider installing perimeter defences in the form of a router with filtering capabilities, and personal firewall software with intrusion detection capabilities.

Warnings were also going up on the Bugtraq security mailing list this morning. One user, Robert Graham, summed up the feelings of many of the security watchers.

"This is big. It isn't a single vulnerability, but a suite of potentially hundreds of vulnerabilities. This is just the beginning. More will be coming," he said.

According to the Bugtraq discussion, these problems are not new. They have been known about since the early 1990s but have been considered as 'bugs' rather than vulnerabilities.

There is also speculation that somebody could develop an exploit that compromises a printer and forwards copies of everything printed out to the hacker.

"SNMP has always been a huge vulnerability, even when it could not be directly exploited," explained Graham. "Your first impulse should always be to disable it. There are exploits that have been used in the underground for years that still haven't made it to Bugtraq."

According to Graham, the problem is bigger than it seems. "Some older versions of Solaris (2.6?) put an SNMP service at a port in the range 32768-32800 (the same vulnerability as putting a port mapper at a high port)," he said.

"This wasn't mentioned in the Computer Emergency Response Team advisory. If you are a heavy Sun Microsystems shop, these should be blocked anyway," he concluded.
  #2  
Old Feb 13, 2002, 05:57 PM
zack371 zack371 is offline
Veteran
 
Join Date: Jul 2000
Location: USA
Posts: 1,944
Default

You are right. This could be a big deal. I have received numerous inquiries about this in the last 72 hours. SNMP is definitely not the most secure implementation in the world. Time will tell what this turns out to be. It all depends really on the severity and ease of the discovery. SNMP has been known to have problems for years. Remember when Steve Gibson at GRC said that Windows XP implementation of raw sockets would bring the internet and all the world's routers to a screeching halt. The media seems bent lately on over-dramatizing security holes recently. I mean, the Microsft Universal Plug And Play issue a month or so back - yes, it needed to be addressed and corrected, but it did not warrant hours of time on CNN! It was not a huge deal. Though the FBI didn't help the matter by issuing a security release over it. I mean, how many UPnP devices are there?? Security issues need to be addressed, repaired, and learned from. BUT - software will have glitches. Period. Windows does. MACOS does. Linux does. Unix does . . . . What does not need to happen is that the technically uneducated mass-media does not need to try to create a hysteria at every smallest revelation.

Thanks UK_Trader for posting the above info. I did not mean to go into my lengthy oratory. I just don't like it when the press inflates thing. But, this SNMP issue could definitely be a major deal especially since it warranted a CERT advisory - and is for sure one to watch.

Cheers.

-Zack

[img]***********.mindshatter.com/zack/smanback1.gif[/img]
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Net Send Sarcastik Open to All Computer Related Topics 10 Jul 04, 2003 06:54 AM
"My Computer" history in Internet Explorer??? seracca Open to All Computer Related Topics 7 Mar 30, 2003 10:56 PM
Clara Net or Virgin Net ? dean0 Consumer's Opinion 8 Oct 12, 2002 09:37 AM
Problems deleting IE history in XP rabby2 Open to All Computer Related Topics 5 Jul 07, 2002 05:41 AM
Clearing file history for applications like media player rabby2 Open to All Computer Related Topics 7 Jun 14, 2002 02:32 PM


All times are GMT -5. The time now is 05:34 AM.



Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright 1996-2009 CDROM-Guide.com. All rights reserved