[ale] Linksys 'routers', SNMP issues (fwd)
kschmidt at mindspring.com
kschmidt at mindspring.com
Mon Jan 7 11:03:29 EST 2002
Go to net-snmp.sourceforge.net and download the Net-SNMP package. Actually, depending on which Linux distro you have, you might already have these tools installed. The tools you would use to query the router are snmpget and snmpwalk. Here's an example:
$ snmpwalk public router-host-name
If you want to receive traps, you need to run a trap daemon. Net-SNMP has a daemon called snmptrapd which is usually in /usr/loca/sbin.
<shameless_plug>If you want to know more about Net-SNMP and SNMP in general, you can get a copy of my book: http://www.ora.com/catalog/esnmp. It's written specifically for system and network administrators.</shameless_plug> :-)
-Kevin
John Mills <john.m.mills at alum.mit.edu> wrote:
> Chris -
How did you query the unit? What is you master agent and what tools did
you use? If I set my main platform as the snmptrap host that doesn't
sound like a bad idea, but I've had only a brush with SNMP and that used
prebuilt MsWin tools.
On Mon, 7 Jan 2002, Chris Ricker wrote:
> Since a lot of people on this list seem to think these sorts of toys are a
> good idea....
>
> ---------- Forwarded message ----------
> Date: Sun, 6 Jan 2002 06:55:17 -0600
> From: Matthew S. Hallacy
> To: bugtraq at securityfocus.com
> Subject: Linksys 'routers', SNMP issues
>
> Howdy.
>
> LinkSys DSL 'routers' have some serious information leakage, and potention DDoS
> usage. The following models have been confirmed as having this problem:
> BEFN2PS4 (EtherFast Cable/DSL Router & Voice with 4-Port Switch)
> BEFSR81 (EtherFast Cable/DSL Router with 8-Port Switch)
>
> Querying these devices with the default community of 'public' causes them to set
> the address that queried as their snmptrap host, dumping traffic such as the
> following to that address:
>
> Enterprise Specific Trap (1) Uptime: 2 days, 19:00:23.36, enterprises.3955.1.1.0 = "@out 192.168.1.200 ==> 24.254.60.13[110]."
> Enterprise Specific Trap (1) Uptime: 2 days, 19:00:23.36, enterprises.3955.1.1.0 = "@out 192.168.1.200 ==> 216.120.8.23[5632]."
...
Regards -
John Mills
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list