Snmp

[premshamo]

Dear Ones:
How SNMP works. Is SNMP a threat or usefull,
regards

[DeadAddict]

This should help you with any questions you have http://www2.rad.com/networks/1995/snmp/snmp.htm
and here is a Faq http://www.faqs.org/faqs/snmp-faq/

[mrleachy]

SNMP, also known as simple network mangement protocol

used to see traffic going to routers, PC's and any other computer equipment ona netowkr running the SNMP service, can be used to map networks, see data flows thru certain switches, computers and the like

if you dont need to use the service, disable it if it's running, it can be seen as a potential security risk, but the service itself cant lead to a break in, it just lets attackers known what equipment is on your network if its not secured, generally you dont need it running at all

[thread_killer]

have to agree with mrleachy to disable it if you aren't using it.

I, however, couldn't live without it. I use it to monitor my infrastructure devices, my network printers, and all my servers. With the right tools, you can do amazing things with SNMP. I use HP OpenView to collect and send information to all those devices in my network. Using SNMP I know when devices go down in my network, or are need of patching. In the case of a patch, let's say a new firmware version of my jet direct cards has been released, I can put the patch in one central location, then whip up a little perl script that goes out and applies the patch to all the necessary pieces of equipment using the SNMP set feature. It knows which devices need to be patched based on the information it has already collected from the SNMP get feature.

SNMP uses MIB's to collect and disseminate information. The MIB tree is whacked out to us humans, but extremely simple to a computer. Basically there is a giant MIB tree that is out there, and every fork in the tree has a number. When a computer sees a MIB value of .4.2.1.7.8.5.3.7.4.8.98.3.7.32.4.7 it knows exactly where to look in the MIB tree for the associated value. It's quite a powerful tool with a very simple design.

If you do want play with SNMP, be sure to change the community string names. The string names are like passwords that have to match up in order for SNMP to work. Contrary to popular belief, there are no 'default' SNMP passwords, but just about every vendor on God's green earth uses 'public' as the RO string and 'private' for the RW string. CHANGE THEM!!!!

Security is a little weak, but if you tweak it enough you can mitigate the risks and have yourself an awesome arrow in your quiver.

[JmysterCDS]

what programs would use snmp

[nebulus200]

SNMP is just a tool, whether that tool is destructive or useful is up to the user of the tool. Some of the information that is passed through SNMP MIB's would be system information, system points of contact, system location, system time, routing tables, interfaces, usually some kind of statistics like uptime, bandwidth usage, etc. Good examples of programs that use SNMP are MRTG (multi-router traffic graph, it polls routers every little bit and then makes continuous graphs of bandwidth usage, and can be configured to graph other things like CPU usage, room temperature, etc), HP Openview (it essentially follows all the interface/routing information around and draws a picture of your network, and if you leave the device managed, shows you whether the device is up/down), or SNMPwalk, which will essentially walk a device for every MIB on it.

SNMP can be a very useful tool, but it can also be a very dangerous one because of all the information that it passes around freely. They primary security feature to SNMP is the passing of a password around (SNMP read/write keys, yes SNMP can change devices if you let it); however, they are generally set to default values (like ILMI, Cisco, ANYCOM, Public, Private, etc) which you must change) and the devices pass the password around in the clear, so it isn't that hard to get it...The other thing you can do is use access-lists or SNMP configurations to limit who make talk SNMP to the device. A combination of this should insulate you fairly well.

You should also take the further step of denying udp/161 (snmp) and udp/162 (snmp trap) at all boundary devices/firewalls, to filter out external people trying to do SNMP queries. You should be fairly protected from the inside so long as you wrapped the SNMP service and provided a strong 'password'.

SNMP can be very useful, but can be very dangerous if not properly configured.

/nebulus