03-17-2014 08:50 AM
I recently discovered a very odd SNMP v1 community string had been set on a number of 48000 (and other types of hardware) switches within my customer's SAN.
Is there any significance to the community strings l19xcm5g1ja or ##0n@ro## - these values appeared seemingly out of nowhere. There isn't any operational impact for a couple of reasons - first, the management stations use SNMP v3, and second, no trap destination IP is set up...but one or the other of these values is plugged in as Community string 1 through 6 on several devices in the same data center.
My thinking is "we've been hacked" - or that some aggressive vulnerability scan is inserting test patterns - but I can't exclude the possibility that this is simply a default bit pattern. The hex values don't seem to have any special pattern or significance either - 316c 7839 6d63 6735 6a31 isn't an especially meaningful alternating or progressive-value string.
Am I worrying over nothing here?
03-17-2014 10:02 AM
Before SNMPv3 appeared, with SNMPv1, the only way to gain a little bit of security was by setting a difficult SNMPv1 community. Could it be that those communities were set a long time ago and they've been like that since then?