Cisco SNMP configuration attack with a GRE tunnel

It is easy to be surprised when one first sees the output of an SNMP enumeration tool such as SNMP-Enum (by Filip Waeytens), when it's run against a Windows 2000 Server with the default SNMP service enabled. The wealth of information collected might leave an administrator stumped, and soon realize that SNMP holds many possibilities within.

The fact that SNMP is based on UDP makes it that much more interesting. Being a connectionless protocol, UDP is vulnerable to IP spoofing attacks. With a couple of Cisco routers in your organization, you're ready to do some testing and see what can be done in Cisco land.