Brocade Fibre Channel Networking Community

Expand all | Collapse all

*Strange* community string value on 48000 switches

  • 1.  *Strange* community string value on 48000 switches

    Posted 03-17-2014 08:51 AM

    I recently discovered a very odd SNMP v1 community string had been set on a number of 48000 (and other types of hardware) switches within my customer's SAN.

     

    Is there any significance to the community strings l19xcm5g1ja or ##0n@ro## - these values appeared seemingly out of nowhere. There isn't any operational impact for a couple of reasons - first, the management stations use SNMP v3, and second, no trap destination IP is set up...but one or the other of these values is plugged in as Community string 1 through 6 on several devices in the same data center.

     

    My thinking is "we've been hacked" - or that some aggressive vulnerability scan is inserting test patterns - but I can't exclude the possibility that this is simply a default bit pattern. The hex values don't seem to have any special pattern or significance either - 316c    7839    6d63    6735    6a31 isn't an especially meaningful alternating or progressive-value string.

     

    Am I worrying over nothing here?


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: *Strange* community string value on 48000 switches

    Posted 03-17-2014 10:03 AM

    Before SNMPv3 appeared, with snmpv1, the only way to gain a little bit of security was by setting a difficult snmpv1 community. Could it be that those communities were set long time ago and they've been like that since then?

     


    #snmp
    #BrocadeFibreChannelNetworkingCommunity
    #snmpcommunity


  • 3.  Re: *Strange* community string value on 48000 switches

    Posted 03-17-2014 12:34 PM

    I suppose it's possible those might have been set long-ago; it does seem odd that it's only at that data center, nowhere else...


    #BrocadeFibreChannelNetworkingCommunity