Attackers tapping on SNMP door to see if it's open

Google's DNS IP address is being spoofed by an attacker, apparently in an attempt to DDoS hosts vulnerable to a flaw in the SNMP protocol. The SANS Internet Storm Center noticed the traffic trend emerging on September 15, and in this post discusses what's going on. The attack is trying to take over SNMP hosts that have left …

  1. Peter 26

    Sounds like someone is doing us a favour ensuring that any hosts with default SNMP passwords are being taken offline.

    I remember reading years ago that most ISPs hadn't secured SNMP and it was possible to get the name\address details of a customer with only their IP. I never saw any details on how to actually do it though.

    1. Anonymous Coward

      I'm sure the NSA and GCHQ know this trick.

  2. Anonymous Coward

    Who lets SNMP in the firewall?!?

    Crazy.

    1. theblackhand

      Re: Who lets SNMP in the firewall?!?

      And what about the devices that sit outside your firewall?

      Do you have an ISP or locally maintained Internet router that your firewall/firewalls plug into?

  3. Mark Allen

    Home Routers

    I've found a few home routers with insanely simple "passwords" on the SNMP side. I don't understand why SNMP is in a home router, and especially not why it is on by default with "public" as the SET community string. So it is part of my standard lock-down to mash a very long string into there, save, then turn SNMP off totally.

    If the TTL can be set, then so too can the DNS Servers be changed to ones controlled by the hacker.

    There are going to be a lot of routers out there that have been installed in the past few years that this attack is going to pick up.

  4. Anonymous Coward

    "why SNMP is in a home router"

    "I don't understand why SNMP is in a home router"

    Wtf should it NOT be?

    E.g. if every SoHo modem/router had the ADSL Line MIB, there'd be a lot fewer discussions on DSL SNR history etc. My D-Link DSL604+ nearly had it over a decade ago (data was there, but not in the official format). Marginally more recently my BT Voyager 21xx had it. If I knew of a current modem/router with the same capability I'd buy it today (suggestions welcome).

    I do agree that having write access to the SNMP stuff in general is rather silly, especially from the WAN side of the router.

    1. ElNumbre

      Re: "why SNMP is in a home router"

      I agree; SNMP stats are so useful for diagnosing faults, particularly when trying to track down long-term trend faults that aren't shown from the noddy control panels on most devices. But no devices should be configured to answer SNMP on the WAN side by default, and the RW string should not be set to Private by default ever. Have the options configurable, but don't remove the service entirely.

  5. Anonymous Coward

    Finally, somebody found a use for SNMP!
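A configuration check for the three points raised in the comments above (default community strings, write access, and the agent answering on the WAN side), as an added example that is not part of the original thread. It assumes the device runs net-snmp and is configured through `snmpd.conf` directives (`rocommunity`, `rwcommunity`, `agentAddress`); the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

DEFAULT_COMMUNITIES = {"public", "private"}  # the defaults named in the thread
# Constructed sample config, not taken from any real device.
SAMPLE_CONF = """\
agentAddress udp:161
rocommunity public 192.168.1.0/24
rwcommunity private
rwcommunity Zq8-long-random-string 192.168.1.10
"""

def is_unrestricted(source):
    """True when the SOURCE field lets any host use the community."""
    if source.lower() == "default":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # a hostname: counts as a restriction

def listens_everywhere(addr):
    """True for a listening spec with no host, or a wildcard host."""
    spec = re.sub(r"^(udp|tcp)6?:", "", addr.strip().lower())
    host, sep, port = spec.rpartition(":")
    if not sep:  # single token: a bare port or a bare host
        host = "" if port.isdigit() else port
    return host.strip("[]") in ("", "0.0.0.0", "::")

def audit_snmpd_conf(text):
    """Return (line_no, finding) tuples for risky directives."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        # Simplification: '#' always starts a comment here.
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        directive, args = parts[0].lower(), parts[1:]
        if directive in ("rocommunity", "rwcommunity"):
            source = args[1] if len(args) > 1 else "default"
            if args[0].lower() in DEFAULT_COMMUNITIES:
                findings.append((no, "default community string"))
            if directive == "rwcommunity" and is_unrestricted(source):
                findings.append((no, "write access open to any source"))
        elif directive == "agentaddress":
            if any(listens_everywhere(a) for a in args[0].split(",")):
                findings.append((no, "agent listens on all interfaces"))
    return findings
```

Running `audit_snmpd_conf(SAMPLE_CONF)` flags the first three lines of the sample and passes the last one, which uses a non-default string limited to a single management host.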


Biting the hand that feeds IT © 1998–2019