For more details, please see ourCookie Policy.


Fibre Channel (SAN)

Reply
New Contributor
Posts: 2
Registered: ‎08-01-2013

*Strange* community string value on 48000 switches

I recently discovered a very odd SNMP v1 community string had been set on a number of 48000 (and other types of hardware) switches within my customer's SAN.

 

Is there any significance to the community strings l19xcm5g1ja or ##0n@ro## - these values appeared seemingly out of nowhere. There isn't any operational impact for a couple of reasons - first, the management stations use SNMP v3, and second, no trap destination IP is set up...but one or the other of these values is plugged in as Community string 1 through 6 on several devices in the same data center.

 

My thinking is "we've been hacked" - or that some aggressive vulnerability scan is inserting test patterns - but I can't exclude the possibility that this is simply a default bit pattern. The hex values don't seem to have any special pattern or significance either - 316c    7839    6d63    6735    6a31 isn't an especially meaningful alternating or progressive-value string.

 

Am I worrying over nothing here?

Valued Contributor
Posts: 761
Registered: ‎06-11-2010

Re: *Strange* community string value on 48000 switches

Before SNMPv3 appeared, with snmpv1, the only way to gain a little bit of security was by setting a difficult snmpv1 community. Could it be that those communities were set long time ago and they've been like that since then?

 

New Contributor
Posts: 2
Registered: ‎08-01-2013

Re: *Strange* community string value on 48000 switches

I suppose it's possible those might have been set long-ago; it does seem odd that it's only at that data center, nowhere else...

Join the Broadcom Community

Get quick and easy access to valuable resources across the Broadcom Community Network.