August 15th, 2003, 10:59 AM
SNMP information leakage
I have been looking at our internal network and have noticed that if an attacker wanted to, he/she could gather a tremendous amount of information regarding all of our servers. I don't know why SNMP is running but I am still wondering if there is a way in which SNMP can function in a secure manner. We have a network composed of Sun, Novell, and NT machines.
Does anyone have any information regarding this matter?
Thanks in advance!
August 15th, 2003, 12:46 PM
The Simple Network Management Protocol is standard for internetwork management. Because it is a simple solution, requiring little code to implement, vendors can easily build SNMP agents to their products. SNMP is extensible, allowing vendors to easily add network management functions to their existing products. SNMP also separates the management architecture from the architecture of the hardware devices, which broadens the base of multivendor support.
but it can be easily misused
there is a simple way, remove the public and private community string, don't give any simple word for read write community string
public community string is enough to get required information to an attacker about your devices,
if the read write string is compromised then the attacker can even change the settings of your network devices like router or switches,
Go into Control Panel.
Select the Network icon.
Choose the Services Tab.
Select the Add button.
Choose SNMP Service.
Under the Traps tab, add an SNMP community name or names
do not use public, remove it
for routers read the manual to change or remove the community strings
you may find this link useful
August 15th, 2003, 01:22 PM
Just what I was looking for
Thanks for your super explanation. It was just what I was looking for.
Have a good weekend.
Could SNMP traffic be filtered, only permitting certain hosts to obtain this information? Who needs to be able to obtain this information?
August 15th, 2003, 01:56 PM
yes of course the traffic can be blocked
You can restrict SNMP communications and allow it to communicate with only a set list of SNMP management systems.
traps can be enabled, they will be fired on specific events like password violation, bad request etc
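
Added example, not part of any post in this thread: a small audit of an SNMP agent configuration for the two problems discussed above, default or simple community strings and access that is not limited to named management hosts. It assumes net-snmp style `snmpd.conf` directives (`rocommunity`, `rwcommunity`, `com2sec`); the sample config, the word list and the 8-character minimum are constructed for illustration.

```python
# Added example: audit net-snmp style snmpd.conf text (assumed format).
WEAK_WORDS = {"public", "private", "monitor", "admin", "snmp", "secret", "manager"}
ANY_SOURCE = {"default", "0.0.0.0", "0.0.0.0/0"}  # values that mean "any host"
MIN_LEN = 8  # assumed minimum length for a community string

# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """\
# constructed example
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity n0c-Mon!7rQx 192.0.2.10
com2sec readonly default monitor
com2sec nms 192.0.2.10 Zk4-pq9Lw2
"""

def parse_access(line):
    """Return (directive, community, source), or None if the line grants no community access."""
    tok = line.split()
    if not tok or tok[0].startswith("#"):
        return None
    directive = tok[0].lower()
    if directive in ("rocommunity", "rwcommunity") and len(tok) >= 2:
        # With no SOURCE argument the agent answers any host.
        source = tok[2] if len(tok) > 2 else "default"
        return directive, tok[1], source
    if directive == "com2sec" and len(tok) >= 4:
        # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
        return directive, tok[-1], tok[-2]
    return None

def audit(conf_text):
    """Return (line_no, directive, issue) findings; community values are never echoed."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parsed = parse_access(raw)
        if parsed is None:
            continue
        directive, community, source = parsed
        if community.lower() in WEAK_WORDS or len(community) < MIN_LEN:
            findings.append((no, directive, "simple-community"))
        if source.lower() in ANY_SOURCE:
            findings.append((no, directive, "any-source"))
    return findings

if __name__ == "__main__":
    for no, directive, issue in audit(SAMPLE_CONF):
        print(f"line {no}: {directive}: {issue}")
```

A `simple-community` finding on an `rwcommunity` line is the most urgent one, since that string allows device settings to be changed.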
August 15th, 2003, 02:47 PM