Anyone running their own network should be sure their Cisco router is patched against the SNMP exploit. We were hit twice last Wednesday, causing our routers to reboot. Total down time was about 60 seconds, but it sure set off a lot of alarms. I used it as an opportunity to update our IDS software.

Windows servers are also vulnerable. 2000 has a patch, NT does not.

You can find details at Cisco and Microsoft sites.

Actually, anything running SNMP is vunerable.

BTW, what IDS system are you using (I have been taking an un-official poll :) )

Originally posted by RackMy.com
Actually, anything running SNMP is vunerable.

BTW, what IDS system are you using (I have been taking an un-official poll :) )

Some network vendors were unaffected by the SNMP vulnerability. When we did updates, we didn't have to touch our Foundry, Extreme or Nortel switches.

To your second question, I like:

SecureNet Pro: http://www.intrusion.com/
LIDS: http://www.lids.org/