Security watchers are advising users to protect their networks following one of the biggest security threats in internet history.
Hundreds or even thousands of different devices that rely on Simple Network Management Protocol (SNMP) have been found to be vulnerable to security compromises.
The biggest problem is that so many devices - including routers, switches, servers, cable modems and firewalls - use vulnerable SNMP installations which could be exploited to crash or compromise systems.
Internet Security Systems X-Force director Chris Rouland warned: "The SNMP vulnerabilities pose a potentially serious threat to IT infrastructures.
"Although the magnitude of vulnerability this issue creates is unclear at this time, the existence of dangerous attack tools in the computer underground that enable attackers to take advantage of these vulnerabilities poses an immediate threat.
"We caution all users to take action to minimise their potential risk."
Security newswires are awash with information on locking down systems to guard against the threat. Rouland advised locking down managed routers with access control lists, and installing firewalls with rules that allow only authorised IP addresses, whether inbound or outbound.
Users should also turn off SNMP in all cases where it is not required, and put in place anti-spoofing rules so that packets cannot be inserted from outside the network.
This also applies to any spoofing outbound from the network. Apply this rule to all devices on the network whether or not they face the internet.
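The advice above amounts to two firewall controls: an access control list that admits SNMP traffic only from authorised management stations, and anti-spoofing rules on both directions so that a packet cannot claim an internal source from outside (or an external source from inside). The following is an added example, not code from the article or from any vendor mentioned in it, that models both controls as a packet-policy check; the address space, the management hosts and the sample packets are all constructed, and the rule is applied regardless of whether the device faces the internet.

```python
"""Model of the SNMP lock-down policy: authorised-manager ACL plus
anti-spoofing on inbound, outbound and internal traffic.
Added example; networks and addresses are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed: the organisation's internal address space and its
# network-management stations (the only hosts allowed to speak SNMP).
INTERNAL_NET = ip_network("10.0.0.0/8")
AUTHORISED_MANAGERS = {ip_address("10.0.5.10"), ip_address("10.0.5.11")}
SNMP_PORTS = {161, 162}  # SNMP agent and trap-receiver ports


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (arriving from outside), "out" (leaving), "internal"
    src: str
    dst: str
    proto: str
    dport: int


def decide(pkt: Packet) -> tuple[str, str]:
    """Return (verdict, reason) for one packet; verdict is 'allow' or 'drop'."""
    src = ip_address(pkt.src)

    # Anti-spoofing: a packet entering from outside must not carry an
    # internal source; a packet originating inside must not carry an
    # external one. This is checked before any service-specific rule, so an
    # outsider cannot borrow an authorised manager's address.
    if pkt.direction == "in" and src in INTERNAL_NET:
        return "drop", "inbound packet spoofs an internal source"
    if pkt.direction in ("out", "internal") and src not in INTERNAL_NET:
        return "drop", "outbound packet spoofs an external source"

    # SNMP ACL: only the authorised management stations may reach
    # UDP 161/162, on every device, not just the internet-facing ones.
    if pkt.proto == "udp" and pkt.dport in SNMP_PORTS:
        if src in AUTHORISED_MANAGERS:
            return "allow", "SNMP from authorised manager"
        return "drop", "SNMP from unauthorised host"

    return "allow", "not an SNMP flow; subject to other policy"


def filter_packets(packets: list[Packet]) -> list[str]:
    """Apply the policy to a batch and return the verdicts in order."""
    return [decide(p)[0] for p in packets]


if __name__ == "__main__":
    # Constructed sample traffic exercising each branch of the policy.
    samples = [
        Packet("internal", "10.0.5.10", "10.0.9.1", "udp", 161),   # manager polls agent
        Packet("internal", "10.0.7.7", "10.0.9.1", "udp", 161),    # random inside host
        Packet("in", "198.51.100.4", "10.0.9.1", "udp", 161),      # outsider to agent
        Packet("in", "10.0.5.10", "10.0.9.1", "udp", 161),         # outsider spoofing manager
        Packet("out", "10.0.1.1", "198.51.100.4", "tcp", 443),     # ordinary web traffic
    ]
    for pkt in samples:
        verdict, reason = decide(pkt)
        print(f"{pkt.direction:8} {pkt.src:>14} -> {pkt.dst:<14} {pkt.proto}/{pkt.dport}: {verdict} ({reason})")
```

The ordering matters: the spoofing check runs first, so the fourth sample, which arrives from outside with an authorised manager's address, is dropped as spoofed rather than admitted by the ACL. A real deployment expresses the same two rules in the router's ACL or firewall syntax; the model only makes the decision logic explicit.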
Users connecting to the web via an internet service provider should contact their modem or router vendor for security measures. They are also advised to consider installing perimeter defences in the form of a router with filtering capabilities, and personal firewall software with intrusion detection capabilities.
Warnings were also going up on the Bugtraq security mailing list this morning. One user, Robert Graham, summed up the feelings of many of the security watchers.
"This is big. It isn't a single vulnerability, but a suite of potentially hundreds of vulnerabilities. This is just the beginning. More will be coming," he said.
According to the Bugtraq discussion, these problems are not new. They have been known about since the early 1990s but have been considered 'bugs' rather than vulnerabilities.
There is also speculation that somebody could develop an exploit that compromises a printer and forwards copies of everything printed out to the hacker.
"SNMP has always been a huge vulnerability, even when it could not be directly exploited," explained Graham. "Your first impulse should always be to disable it. There are exploits that have been used in the underground for years that still haven't made it to Bugtraq."
According to Graham, the problem is bigger than it seems. "Some older versions of Solaris (2.6?) put an SNMP service at a port in the range 32768-32800 (the same vulnerability as putting a port mapper at a high port)," he said.
"This wasn't mentioned in the Computer Emergency Response Team advisory. If you are a heavy Sun Microsystems shop, these should be blocked anyway," he concluded.