[AtApi]

Hi to all!
Just a question, is possible for an attacker to gain remotely info about a switch? like brand,model etc..

[charon255]

If the switch (or any device for that matter) is running SNMP with weak or default community strings, and SNMP is allowed through the firewall the switch is behind, then yes it is quite easy to get all of that info and more.

In addition, NMAP can do some profiling of network devices without using SNMP.

[l0wkey]

Nmaps fingerprint can tell if its cisco or not, but if your lookin for model number or ios versions your gonna need to do like he said and get access via SNMP. Sometime admins are dumb with the telnet banners and leave some juicy information there like hostnames, which often have modelnumbers in them.

[AtApi]

Thanx for info guys!!
Pretty nice :P

[easternerd]

l0wkey, on May 5 2004, 08:35 PM, said:

Nmaps fingerprint can tell if its cisco or not, but if your lookin for model number or ios versions your gonna need to do like he said and get access via SNMP. Sometime admins are dumb with the telnet banners and leave some juicy information there like hostnames, which often have modelnumbers in them.

Only if they've got an Ip Configured. Most of those fingerprints are based on HTTP and telnet port ,(configured using console otherwise) , So if the ip is not configured than nothing can be done.