IWS - The Information Warfare Site
News Watch Make a  donation to IWS - The Information Warfare Site Use it for navigation in case java scripts are disabled

ALERT 02-001

"Potential for Multi-Sector Internet Outages"
February 12, 2002

The National Infrastructure Protection Center is aware of potential vulnerabilities existing within the Simple Network Management Protocol (SNMP) -- a protocol used by routers, switches and hubs on the Internet and other related equipment. To date, there have been no confirmed exploitations of these vulnerabilities. However, action may be required to prevent the possibility of criminal exploitation by malicious hackers. NIPC has been monitoring the vulnerabilities and is working to address the issue and minimize potential disruption.

Due to the widespread use of the SNMP, the number of affected products is extensive. NIPC, along with Carnegie Mellon University's Computer Emergency Response Team/Coordination Center (CERT/CC), is working with other government agencies, network security experts, and industry representatives to define, prioritize, and mitigate these vulnerabilities. In the absence of a specific SNMPv1 vulnerability and patch, the following list of "best practices" has been suggested by CERT/CC:

1. Review what versions of SNMP are running; apply vendor patches as available.

2. Disable SNMP service if not critical.

3. Block access to SNMP services at network perimeter.

4. Filter SNMP traffic from non-authorized internal hosts.

5. Change default community strings.

6. Segregate SNMP traffic onto a separate management network.

7. Apply egress filtering on ports 161 and 162.

8. Disable stack execution where possible.

For additional information on preventing the exploitation of computer systems, visit the CERT/CC homepage at http://www.cert.org.

Actual or attempted hacking is a serious federal offense that could land first time offenders in jail for ten years and repeat offenders in jail for 20 years. The NIPC encourages the reporting of computer intrusions to local FBI offices or the NIPC Watch and Warning Unit at (202) 323-3205 or 1(888) 585-9078. You can also e-mail NIPC at nipc.watch@fbi.gov. In addition, incidents can be reported online at http://www.nipc.gov/incident/cirr.htm.