-{ Quote: "Earlier this week, the National Infrastructure Protection Center (NIPC) issued an official Warning telling the world that 'action may be required to prevent the possibility of criminal exploitation by malicious hackers' who can exploit vulnerabilities of SNMP. Newer data showed that nearly every organization must take significant action to avoid the widespread vulnerability. However, many user organizations do not know which systems need to be patched or protected, because they do not know where SNMP is running. With the help of more than a dozen government and commercial and university testers and developers, SANS is providing a free software package that can immediately identify where the SNMP service is running on every system or device connected to a network.

How to get a copy:
To get a copy, email snmptool@sans.org. You will get a note back with data on how to get the tool. SANS is using this method for distribution to inform you when any updates are provided in the tool." }-

source: www.securiteam.com

regards.

paul

Thanks Paul, this can be a very useful tool.

-{ Quote: "Foundstone Offers SNScan
Posted on 14.2.2002
Foundstone Offers SNScan, Freeware Tool to Combat Latest SNMP Vulnerabilities; SNScan Accurately Detects Devices Using SNMP, Available at foundstone.com

MISSION VIEJO, Calif.--(BUSINESS WIRE)--Feb. 13, 2002--Foundstone Inc., the premier provider of security assessments and vulnerability protection, today announced SNScan, a freeware tool to quickly and accurately detect SNMP (Simple Network Management Protocol) enabled devices on a network.

Recent high-risk advisories have outlined the potential for widespread vulnerabilities across SNMP. SNScan can effectively determine the level of exposure to SNMP-related vulnerabilities across any network.

Once these devices have been identified, an administrator can determine whether to fix the SNMP service, disable SNMP or implement filters to restrict access. Recent SNMP vulnerabilities range from allowing host administrative access to Denial of Service (DoS) attacks.

"SNMP is the main protocol used to manage network devices at large corporations. There are potentially millions of systems on the Internet and within companies that are vulnerable," said Stuart McClure, CTO of Foundstone.

"SNScan is based on our flagship technology, FoundScan, known in the industry to give the most accurate information possible. Considering the number of devices vulnerable, accuracy is going to be the most important feature in combating this vulnerability."

SNScan is available as a freeware tool for download from the Foundstone corporate Web site at http://www.foundstone.com.

About Foundstone

Foundstone addresses the security and privacy needs of Global 2000 companies with its world-class Managed Vulnerability Assessment Services coupled with Professional Consulting and Education service offerings.

Foundstone has one of the most dominant security talent pools ever assembled, including experts from RSA, Ernst & Young, KPMG, PricewaterhouseCoopers and the United States Defense Department. Foundstone executives authored the international best seller "Hacking Exposed: Network Security Secrets & Solutions."

Foundstone has headquarters in Orange County, Calif. For more information, visit www.foundstone.com or call 877/91-FOUND.

Note to Editors: Foundstone is a trademark of Foundstone Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies. " }-