Fibre Channel (SAN)

Reply
New Contributor
Posts: 2
Registered: ‎08-01-2013

*Strange* community string value on 48000 switches

I recently discovered a very odd SNMP v1 community string had been set on a number of 48000 (and other types of hardware) switches within my customer's SAN.

 

Is there any significance to the community strings l19xcm5g1ja or ##0n@ro## - these values appeared seemingly out of nowhere. There isn't any operational impact for a couple of reasons - first, the management stations use SNMP v3, and second, no trap destination IP is set up...but one or the other of these values is plugged in as Community string 1 through 6 on several devices in the same data center.

 

My thinking is "we've been hacked" - or that some aggressive vulnerability scan is inserting test patterns - but I can't exclude the possibility that this is simply a default bit pattern. The hex values don't seem to have any special pattern or significance either - 316c    7839    6d63    6735    6a31 isn't an especially meaningful alternating or progressive-value string.

 

Am I worrying over nothing here?

Valued Contributor
Posts: 761
Registered: ‎06-11-2010

Re: *Strange* community string value on 48000 switches

Before SNMPv3 appeared, with snmpv1, the only way to gain a little bit of security was by setting a difficult snmpv1 community. Could it be that those communities were set long time ago and they've been like that since then?

 

New Contributor
Posts: 2
Registered: ‎08-01-2013

Re: *Strange* community string value on 48000 switches

I suppose it's possible those might have been set long-ago; it does seem odd that it's only at that data center, nowhere else...

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

vADC is now Pulse Secure
Download FREE NVMe eBook