ISPs Battle Privacy Loophole
Internet service providers are being warned Thursday to batten down their network access servers against a familiar type of privacy attack that's making a comeback.
According to a bug-tracking group, so-called greyhat hackers say they have developed a Perl script that can quietly extract subscribers' phone numbers and log-in names directly off an ISP's terminal servers using the Simple Network Management Protocol (SNMP).
Philadelphia-based Philtered.Net is an online community that pursues its own security-related technical projects. One of the group's hackers, who uses the handle "Lumpy," said an unauthorized person, armed with the script and an Internet user's IP address, can easily query a database on the ISP's access server.
According to Lumpy, it's easy to call the management information base (MIB) of an ISP's access server and use standard SNMP commands to transform an anonymous IP address into the real-world coordinates of a live person.
Lumpy also works as a security consultant and authored the script for probing SNMP information. He recently posted the information and the script on the Bugtraq mailing list.
Lumpy said three major ISPs were vulnerable to the attack, but after being notified the firms took action and properly locked down their servers to prevent SNMP access. Lumpy also claims that some ISPs have their servers configured to allow write access permissions to their MIBs and that he's been able to force dial-up users offline.
Jeff Case, president of SNMP.com, a Tennessee-based network management-consulting firm, said the unsecured nature of older versions of SNMP is common knowledge.
"The first version of SNMP is not secure and is subject to these sorts of attacks," Case said. "We've known about that since 1988 and a new version of SNMP was made available in 1998. It's been deployed to plug up the security holes."
But Lumpy of Philtered.Net said that most ISPs could prevent unauthorized access to their MIBs by properly configuring the hardware when technicians initially set up a network.
"The reason these holes exist is because people have not bothered to read the manual where it says in big letters 'change your community names and block off access to SNMP,' but some ISPs aren't wasting time reading manuals so this is what happens."
ISPs that want to determine if an SNMP privacy hole exists on their networks can check out the BugTraq advisory at SecurityFocus.com in order to tighten up access to their networks.