Was wondering if anyone else has tried out the article from Security Focus entitled "Cisco SNMP configuration attack with a GRE tunnel".

I'm able to reproduce the results, however there somewhat "chaotic". If I capture enough different snmp set packets, correct the checksums manually, and then resend them at different intervals, I'm able to get my cisco router to initiate a tftp connection with my server.

I have had no luck using the computer initiating the "attack" as the tftp server as well. I suspect that the "ICMP Dest Port Unreachable" may be throwing my router off.