Cisco 1924s for sure have "public" as rw string and "private" for ro,
and I'm about 80% sure the 2924 does too.
Many Cisco routers have an snmp "feature" with security ramifications
which Damir Rajnovic has agreed to post to Bugtraq (as of Jan. 1), but I
guess Cisco's lawyers have to hash it out for a few more weeks before
he'll be allowed to. If he doesn't, I will - jc
Michal Zalewski wrote:
>
> Days ago, there was a discussion about world-readable snmp communities,
> some people thought it was bad enough. Amazingly, I've found that a lot of
> network devices (such as intelligent switches, WAN/LAN routers, ISDN/DSL
> modems, remote access machines and even some user-end operating systems)
> are by default configured with snmp enabled and unlimited access with
> *write* privledges. It allows attacker to modify routing tables, status of
> network interfaces and other vital system data, and seems to be extermely
> dangerous. To make things even worse, some devices seems to tell that
> write permission for given community is disabled, but you can still
> successfully write to it - and other devices won't let you to set up snmp
> access at all (eg. some modems and switches).
--
John Comeau - Chief Operating Officer
Dialtone Internet - Extremely Fast Web Systems
954-581-0097 fax://954-581-7629
[EMAIL PROTECTED]
http://www.dialtoneinternet.net
