Hey Pedes,
I have worked as a Network Engineer the better majority of the past 20 years of my life.
I am CCNA, SolarWinds Certified Pro, Network General Sniffer Certified Expert... among others.
I want to bring attention to the level of danger of something like SolarWinds being hacked by foreigners.
SolarWinds is a network management application that grants immense capabilities and incredible monitoring.
Some of these are:
- Physical Network Diagram (Viewed live, like a Network Map) for both LAN and WAN networks.
- WAN and LAN network monitoring from physical layer all the way up through the application layer. This includes SNMP access to all devices on the network (if configured this way), which gives SolarWinds an unconscionable amount of authority and power to alter configurations on those network devices.
- Packet Sniffing, and Capturing. Can watch traffic in real time, and capture the packets.
This is just a short list of capabilities. It goes far more in depth than this, down to the applications themselves: SQL databases, web traffic, email server traffic and packets are all monitorable with SolarWinds.
This is very bad, Pedes. I worry very, very much about how much damage was done.
That is all.
The default public string is read-only. It is usually enabled by default on all computers. Low risk. If you want to get hold of server or machine data/files you'd need credentials. Network or company-wide changes are usually rolled out with Group Policies.
I'm not worried about read-only.
I'm worried about network devices... routers, switches etc... being set to full access.
and that access being granted to the solarwinds NOC dashboard
and a foreign agent having access to that solarwinds dashboard... thus having full access to the network infrastructure.
Switch ports can be turned off with one command (well one click in this case).
Fair comment... how about port mirroring a company's local network traffic out over the public internet... fucking scary!!!
Yes, and that would be an easy way to capture all traffic too.
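
Added example, not part of the thread: a small audit that flags the read-write ("full access") SNMP community strings discussed above in a device configuration, as opposed to read-only ones. It assumes Cisco IOS `snmp-server community` syntax (the thread names no vendor); the sample config, community names and severity labels are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS syntax (assumption: the thread names no vendor).
SAMPLE_CONFIG = """\
hostname core-sw1
snmp-server community public RO
snmp-server community netops RW
snmp-server community nms-write RW 99
snmp-server community monitor view SAFE RO 10
access-list 99 permit 10.0.5.20
"""

WELL_KNOWN = {"public", "private"}  # widely known default community names
COMMUNITY = re.compile(r"^snmp-server community (\S+)(.*)$")

def audit_snmp(config):
    """Return (community, mode, acl, severity) for each community line."""
    findings = []
    for raw in config.splitlines():
        m = COMMUNITY.match(raw.strip())
        if not m:
            continue
        name, tokens = m.group(1), m.group(2).split()
        if tokens[:1] == ["view"]:            # skip optional "view <name>"
            tokens = tokens[2:]
        mode = "RO"                           # IOS defaults to read-only
        if tokens and tokens[0].upper() in ("RO", "RW"):
            mode, tokens = tokens[0].upper(), tokens[1:]
        acl = " ".join(tokens) or None        # whatever remains is the ACL
        if mode == "RW" and acl is None:
            severity = "high"     # any host that knows the string can write
        elif mode == "RW":
            severity = "medium"   # writable, but limited to the ACL's sources
        elif acl is None or name.lower() in WELL_KNOWN:
            severity = "low"      # read-only, but guessable or unrestricted
        else:
            severity = "info"
        findings.append((name, mode, acl, severity))
    return findings

if __name__ == "__main__":
    for name, mode, acl, severity in audit_snmp(SAMPLE_CONFIG):
        print(f"{severity:6} {mode} community={name!r} acl={acl}")
```

A "medium" finding is where a monitoring server matters most: the ACL only narrows write access to the hosts it lists, so whoever controls a listed management station inherits that access.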