[AdvisorBits] Security Supplement 13-02-2002
John Walker
john@jsw4.net
Wed, 13 Feb 2002 11:28:17 -0500
This is an urgent supplement to AdvisorBits, an informational newsletter
published monthly by GilbertWalker Group. We are releasing this information
at this time because the vulnerability exposure is so widespread and the
potential impact on major portions of the public network infrastructure
is significant.
Our recommendations:
1) Shut down SNMP services on servers and anywhere else it is not needed.
Definitely block and, if possible, log any of this traffic at your network
perimeter.
2) Review all traffic on your network and monitor ports 161/162 for unusual
activity.
3) Review vendor-supplied information for all network-enabled/connected
devices. Follow vendor instructions to mitigate exposure or remedy the issue.
The list of vendors who have supplied information to CERT is extensive.
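
As an added example (not part of the original newsletter), one way to carry out the review in recommendation 2 is to run flow records through a small script that flags traffic on ports 161/162 which crosses the perimeter, comes from a host that is not a known management station, or fans out to many devices. The record format, address ranges, management-station address and threshold are all assumptions made for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

SNMP_PORTS = {161, 162}                          # ports named in the supplement
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: internal address space
MANAGERS = {ipaddress.ip_address("10.0.5.10")}   # assumption: authorised SNMP manager
SWEEP_THRESHOLD = 3  # assumption: distinct polled hosts per source before flagging

# Constructed sample flow records (hypothetical format): time,proto,src,dst,dport
SAMPLE = """\
2002-02-13T10:00:01,udp,10.0.5.10,10.0.1.1,161
2002-02-13T10:00:02,udp,10.0.1.1,10.0.5.10,162
2002-02-13T10:00:05,udp,192.0.2.44,10.0.1.1,161
2002-02-13T10:00:07,udp,10.0.9.23,10.0.1.1,161
2002-02-13T10:00:07,udp,10.0.9.23,10.0.1.2,161
2002-02-13T10:00:08,udp,10.0.9.23,10.0.1.3,161
2002-02-13T10:00:09,tcp,10.0.9.23,10.0.1.3,80
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL)

def review(log_text):
    """Return (reason, src, detail) findings for flows on ports 161/162."""
    findings = []
    targets = defaultdict(set)  # unauthorised source -> distinct hosts it polled
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or not row[4].isdigit() or int(row[4]) not in SNMP_PORTS:
            continue  # malformed record or not SNMP traffic
        _ts, _proto, src, dst, dport = row
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if is_internal(s) != is_internal(d):
            findings.append(("crosses-perimeter", src, dst))
        elif int(dport) == 161 and s not in MANAGERS:
            findings.append(("unauthorised-poller", src, dst))
            targets[src].add(dst)
        elif int(dport) == 162 and d not in MANAGERS:
            findings.append(("trap-to-unknown-receiver", src, dst))
    for src, dsts in targets.items():
        if len(dsts) >= SWEEP_THRESHOLD:
            findings.append(("snmp-sweep", src, f"{len(dsts)} hosts"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding, sep="\t")
```

Polling from the management station and traps sent back to it pass silently; everything else on these ports is reported for review.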
We have contacted all clients of GilbertWalker Group who we know to be
affected by this and are taking appropriate action. If you have any
questions regarding this supplement or the vulnerability described, please
contact us to schedule an appointment (info@gilbertwalker.com). For more
information about GilbertWalker Group LLC, please see our website:
http://www.gilbertwalker.com
____________________________________________________________________________
Related reading:
The University at Oulu, Norway is responsible for the research which
identified these vulnerabilities. This is the specific paper they released
yesterday:
http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html
And here's the story in American IT press:
http://www.informationweek.com/story/IWK20020212S0007
Finally, the CERT pages related to this incident:
http://www.cert.org/advisories/CA-2002-03.html