Return-Path: <sentto-279987-4463-1013751913-fc=all.net@returns.groups.yahoo.com> Delivered-To: fc@all.net Received: from 204.181.12.215 [204.181.12.215] by localhost with POP3 (fetchmail-5.7.4) for fc@localhost (single-drop); Thu, 14 Feb 2002 22:07:08 -0800 (PST) Received: (qmail 16020 invoked by uid 510); 15 Feb 2002 05:45:39 -0000 Received: from n35.groups.yahoo.com (216.115.96.85) by all.net with SMTP; 15 Feb 2002 05:45:39 -0000 X-eGroups-Return: sentto-279987-4463-1013751913-fc=all.net@returns.groups.yahoo.com Received: from [216.115.97.166] by n35.groups.yahoo.com with NNFMP; 15 Feb 2002 05:45:16 -0000 X-Sender: fc@red.all.net X-Apparently-To: iwar@onelist.com Received: (EGP: mail-8_0_2); 15 Feb 2002 05:45:13 -0000 Received: (qmail 98154 invoked from network); 15 Feb 2002 05:45:13 -0000 Received: from unknown (216.115.97.171) by m12.grp.snv.yahoo.com with QMQP; 15 Feb 2002 05:45:13 -0000 Received: from unknown (HELO red.all.net) (12.232.72.152) by mta3.grp.snv.yahoo.com with SMTP; 15 Feb 2002 05:45:13 -0000 Received: (from fc@localhost) by red.all.net (8.11.2/8.11.2) id g1F65Do08602 for iwar@onelist.com; Thu, 14 Feb 2002 22:05:13 -0800 Message-Id: <200202150605.g1F65Do08602@red.all.net> To: iwar@onelist.com (Information Warfare Mailing List) Organization: I'm not allowed to say X-Mailer: don't even ask X-Mailer: ELM [version 2.5 PL3] From: Fred Cohen <fc@all.net> X-Yahoo-Profile: fcallnet Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com Delivered-To: mailing list iwar@yahoogroups.com Precedence: bulk List-Unsubscribe: <mailto:iwar-unsubscribe@yahoogroups.com> Date: Thu, 14 Feb 2002 22:05:13 -0800 (PST) Subject: [iwar] [fc:NIPC.ALERT.02-001:."Potential.for.Multi-Sector.Internet.Outages"] Reply-To: iwar@yahoogroups.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit NIPC ALERT 02-001: "Potential for Multi-Sector Internet Outages" NIPC, 2/12/02 <a href="http://www.nipc.gov/warnings/alerts/2002/02-001.htm">http://www.nipc.gov/warnings/alerts/2002/02-001.htm> The National Infrastructure Protection Center is aware of potential vulnerabilities existing within the Simple Network Management Protocol (SNMP) -- a protocol used by routers, switches and hubs on the Internet and other related equipment. To date, there have been no confirmed exploitations of these vulnerabilities. However, action may be required to prevent the possibility of criminal exploitation by malicious hackers. NIPC has been monitoring the vulnerabilities and is working to address the issue and minimize potential disruption. Due to the widespread use of the SNMP, the number of affected products is extensive. NIPC, along with Carnegie Mellon University's Computer Emergency Response Team/Coordination Center (CERT/CC), is working with other government agencies, network security experts, and industry representatives to define, prioritize, and mitigate these vulnerabilities. In the absence of a specific SNMPv1 vulnerability and patch, the following list of "best practices" has been suggested by CERT/CC: 1. Review what versions of SNMP are running; apply vendor patches as available. 2. Disable SNMP service if not critical. 3. Block access to SNMP services at network perimeter. 4. Filter SNMP traffic from non-authorized internal hosts. 5. Change default community strings. 6. Segregate SNMP traffic onto a separate management network. 7. Apply egress filtering on ports 161 and 162. 8. Disable stack execution where possible. For additional information on preventing the exploitation of computer systems, visit the CERT/CC homepage at http://www.cert.org. Actual or attempted hacking is a serious federal offense that could land first time offenders in jail for ten years and repeat offenders in jail for 20 years. The NIPC encourages the reporting of computer intrusions to local FBI offices or the NIPC Watch and Warning Unit at (202) 323-3205 or 1(888) 585-9078. You can also e-mail NIPC at nipc.watch@fbi.gov. In addition, incidents can be reported online at <a href="http://www.nipc.gov/incident/cirr.htm">http://www.nipc.gov/incident/cirr.htm>. ------------------ http://all.net/ Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST