On 05 June 2001 15:37, MJ Ray [SMTP:markj@cloaked.freeserve.co.uk] wrote:
[...] (SNMP walk Anyone ?).
Yep, that one scared me when I saw how talkative our machines were. Silly Compaq Unix enables no end of crap services by default.
Last year I spent 6 months writing an extensible SNMP agent for a call centre software suite. Wasn't fun and certainly wasn't easy. However, about 4 weeks after it went live, some bright spark noticed it was now possible to get a full picture of the network and its nodes, names and all sorts of other stuff (because of the newly functioning MS SNMP services) across the internet by issuing an SNMP Walk against the public MIB on the firewall's IP (which had been configured for SNMP traffic due to this new agent reporting to the sysadmin remotely!).
NB Anyone who hasn't a clue what I'm talking about, try the following:

1) If you can, get the MS Platform SDK and install the snmptool component. (There are tons of free SNMP tools about on the net if you can't get this... a quick Lycos search should get you some.)
2) Ensure you have the SNMP Service active (WIN NT... dunno about other flavours, though I know you can have SNMP installed).
3) Try the following command (other tools should be very similar in usage):

   snmptool walk 127.0.0.1 public 1

Here is the output from my work machine:
-----SNIP-----
SnmpTool - Simple Network Management Protocol Tool for Win32

Performing branch walk starting at OID 1.3.6.1.2.1.1

Name: system.sysDescr.0
OID: 1.3.6.1.2.1.1.1.0
Type: OCTET STRING
Length: 135
Value: Hardware: x86 Family 6 Model 5 Stepping 2 AT/AT COMPATIBLE - Software: Windows NT Version 4.0 (Build Number: 1381 Uniprocessor Free )

Name: system.sysObjectID.0
OID: 1.3.6.1.2.1.1.2.0
Type: OBJECT IDENTIFIER
Length: 12
Value: 1.3.6.1.4.1.311.1.1.3.1.1

Name: system.sysUpTime.0
OID: 1.3.6.1.2.1.1.3.0
Type: TimeTicks
Value: 6914

Name: system.sysContact.0
OID: 1.3.6.1.2.1.1.4.0
Type: OCTET STRING
Length: 14
Value: Earl Brannigan

Name: system.sysName.0
OID: 1.3.6.1.2.1.1.5.0
Type: OCTET STRING
Length: 6
Value: APOLLO

Name: system.sysLocation.0
OID: 1.3.6.1.2.1.1.6.0
Type: OCTET STRING
Length: 13
Value: In the Window

Name: system.sysServices.0
OID: 1.3.6.1.2.1.1.7.0
Type: INTEGER
Value: 79

End of MIB branch
-----SNIP-----
Try the following command... very interesting if you are connected to a network:

   snmptool walk 127.0.0.1 public .1.3

(Note the point in front of the 1 - important.) For my machine I can see the shared drives, mapped network drives, ethernet adapters, the names/IP addresses of every other machine on my subnet... and all with little effort. It doesn't take Einstein to figure out how useful some of this info is to the potential hacker... BTW, try this against a few web servers when connected to the net... you could be intrigued.
I will also bring along some good info in pdf/html/text format for further reading for anyone who is interested.
We could upload this to the web site on the day, too?
Ha! What a fabulous idea... I'll get it all onto one disk and it's all yours ..... ;o) Good excuse to organise it all anyway.
-- MJR
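
Added example, not part of the original message: a Python sketch for auditing what your own SNMP agent discloses, parsing walk output in the Name/OID/Type/Value layout shown above and decoding sysServices as defined in RFC 1213. The sample text, the function names and the wording of the findings are constructed for illustration.

```python
import re

# One record of walk output in the layout above. Whitespace is normalised
# first, so flattened and one-field-per-line text both parse.
RECORD = re.compile(
    r"Name: (\S+) OID: ([\d.]+) Type: (.+?) (?:Length: \d+ )?"
    r"Value: (.*?)(?= Name: | End of MIB branch|$)")

# MIB-II system group objects that identify a host, and what each gives away.
DISCLOSES = {
    "1.3.6.1.2.1.1.1.0": "hardware and OS build",
    "1.3.6.1.2.1.1.4.0": "named contact person",
    "1.3.6.1.2.1.1.5.0": "host name",
    "1.3.6.1.2.1.1.6.0": "physical location",
}
SYS_SERVICES = "1.3.6.1.2.1.1.7.0"

# Constructed sample (host values are made up; layout follows the message).
SAMPLE = """\
Performing branch walk starting at OID 1.3.6.1.2.1.1
Name: system.sysDescr.0 OID: 1.3.6.1.2.1.1.1.0 Type: OCTET STRING Length: 39
Value: Hardware: x86 - Software: ExampleOS 1.0
Name: system.sysUpTime.0 OID: 1.3.6.1.2.1.1.3.0 Type: TimeTicks Value: 6914
Name: system.sysName.0 OID: 1.3.6.1.2.1.1.5.0 Type: OCTET STRING Length: 6 Value: HOST01
Name: system.sysServices.0 OID: 1.3.6.1.2.1.1.7.0 Type: INTEGER Value: 79
End of MIB branch
"""

def parse_walk(text):
    flat = " ".join(text.split())
    return [dict(name=n, oid=o, type=t, value=v.strip())
            for n, o, t, v in RECORD.findall(flat)]

def decode_services(value):
    # RFC 1213: each OSI layer L the node serves adds 2**(L-1) to the sum.
    return [layer for layer in range(1, 8) if value & (1 << (layer - 1))]

def audit(text):
    # Return (object name, what it discloses, disclosed value) per finding.
    findings = []
    for rec in parse_walk(text):
        if rec["oid"] in DISCLOSES:
            findings.append((rec["name"], DISCLOSES[rec["oid"]], rec["value"]))
        elif rec["oid"] == SYS_SERVICES:
            layers = decode_services(int(rec["value"]))
            findings.append((rec["name"], "OSI layers served", layers))
    return findings

if __name__ == "__main__":
    for name, why, value in audit(SAMPLE):
        print(f"{name}: discloses {why}: {value}")
```

Anything this reports for an agent reachable with the default community string is readable by whoever can reach UDP port 161 on that host.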