From: Tristan R. <Tri...@we...> - 2006-03-07 21:15:54
I apologize if I have misunderstood how Netdisco discovers network devices. I believe that Netdisco will start discovery based on the "center_network_device" and then look for CDP neighbors to that device. Once it identifies a CDP neighbor, it tries to connect to the CDP neighbors using the SNMP strings configured in netdisco.conf. If an SNMP string fails, it will send the next SNMP string, and so on until all the SNMP strings have attempted to connect to the CDP neighbor.

Now consider the possibility that an attacker is running CDP on a workstation. He is also running SNMP with a random community string. Won't Netdisco send all of your valid SNMP strings for him to capture?

The best solution to this problem is to disable CDP on all user switch ports. Any other ideas?

Thanks for your time,

Tristan Rhodes
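The following simulation is an added illustration of the fan-out problem described in the message; it is not Netdisco's code and does not model its actual configuration keys. It contrasts a naive discovery loop (every configured community is offered to every CDP neighbor until one works) with a guarded loop that only offers credentials to neighbors whose address falls inside an assumed management subnet list, and that logs any CDP neighbor it refuses to probe. All neighbor addresses, community strings and the `mgmt_nets` parameter are constructed for the example.

```python
"""Simulated CDP-neighbor discovery with a credential fan-out guard.

Hypothetical example, not Netdisco's own implementation. A Neighbor records
every community string it is sent, so the difference between the two loops
is visible directly: a rogue CDP speaker on an access port receives the whole
community list from the naive loop and nothing from the guarded one.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Neighbor:
    ip: str
    accepted: Optional[str]                      # community the device answers to; None = rogue host
    seen: list[str] = field(default_factory=list)  # every community string it was offered


def snmp_get(neighbor: Neighbor, community: str) -> bool:
    """Stand-in for an SNMP GET. SNMPv1/v2c send the community in clear text,
    so whatever is offered is recorded as observed by the neighbor."""
    neighbor.seen.append(community)
    return community == neighbor.accepted


def discover_naive(neighbors: list[Neighbor], communities: list[str]) -> dict[str, str]:
    """Try every configured community against every CDP neighbor until one works."""
    found: dict[str, str] = {}
    for n in neighbors:
        for c in communities:
            if snmp_get(n, c):
                found[n.ip] = c
                break
    return found


def discover_guarded(neighbors: list[Neighbor], communities: list[str],
                     mgmt_nets: list[str], log: list[str]) -> dict[str, str]:
    """Same loop, but credentials are only offered to neighbors inside the
    assumed management subnets; everything else is logged and skipped."""
    nets = [ipaddress.ip_network(m) for m in mgmt_nets]
    found: dict[str, str] = {}
    for n in neighbors:
        addr = ipaddress.ip_address(n.ip)
        if not any(addr in net for net in nets):
            # Detection signal: a CDP speaker outside the management ranges.
            log.append(f"skip {n.ip}: CDP neighbor outside management subnets")
            continue
        for c in communities:
            if snmp_get(n, c):
                found[n.ip] = c
                break
        else:
            log.append(f"{n.ip}: no configured community accepted after {len(communities)} attempts")
    return found


def build_sample() -> tuple[list[Neighbor], list[str]]:
    """Constructed sample topology: one real switch and one rogue workstation."""
    core = Neighbor("10.0.0.2", accepted="netops-ro")
    rogue = Neighbor("10.50.3.77", accepted=None)
    communities = ["public", "netops-ro", "corp-secret"]
    return [core, rogue], communities


def run_demo() -> dict:
    """Run both loops on fresh copies of the sample and return what each neighbor saw."""
    naive_neighbors, communities = build_sample()
    naive_found = discover_naive(naive_neighbors, communities)

    guarded_neighbors, _ = build_sample()
    log: list[str] = []
    guarded_found = discover_guarded(guarded_neighbors, communities, ["10.0.0.0/24"], log)

    return {
        "naive_found": naive_found,
        "naive_rogue_saw": naive_neighbors[1].seen,
        "guarded_found": guarded_found,
        "guarded_rogue_saw": guarded_neighbors[1].seen,
        "guarded_core_saw": guarded_neighbors[0].seen,
        "log": log,
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Two things the run makes visible. First, the naive loop hands the rogue host every community string, which is exactly the capture the message worries about. Second, even the guarded loop offers "public" to the legitimate switch before the one it accepts, so the order and length of the configured list still determine how many strings a compromised device on the management network would see; the skip log entry is the point where a CDP neighbor on an unexpected subnet can be alerted on rather than silently probed.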