Dwight, et al CERT warned of these SNMP flaws more than 2 weeks ago ... but they were discovered last year, and Microsoft just issued patches for some of the Windows operating systems, etc.
http://www.computerworld.com/itresources/rcstory/0,4167,STO68242_KEY73,00.ht ml -----Original Message----- From: Cook, Dwight E (SAIC) [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 28, 2002 7:27 AM To: [EMAIL PROTECTED] Subject: Side note on SNMP security alert ! Importance: High Slightly off topic but since we are in the recovery position, anything to help ward off data loss to begin with is close to on topic... This is all I know for the time being... Dwight The Threat SNMP (Simple Network Management Protocol) is a set of protocols designed for monitoring and configuring network devices and it operates on every device connected to the bp network. We have now been informed of a security bug that makes the network and all connected devices that use SNMP vulnerable to attack. To compound the threat, the techniques for exploiting this vulnerability were recently published on the internet. Devices which are attacked need to be reloaded manually during which time the device would be unavailable with consequential business disruption. An exploited widescale attack would result in a serious denial of service for our network, the greatest risk being initially to internet connections and internet facing devices, so we must act now to protect ourselves. Security patches have been issued by vendors but it will take some time before these can be implemented , so we need to act in a way that protects our most vulnerable devices first. *************************************************************** This message and any attachments is solely for the intended recipient. If you are not the intended recipient, disclosure, copying, use, or distribution of the information included in this message is prohibited -- please immediately and permanently delete this message.