Results 1 to 5 of 5

Thread: SNMP information leakage

  1. #1

    SNMP information leakage

    Hi,

    I have been looking at our internal network and have noticed that if an attacker wanted to, he/she could gather a tremendious amount of information regarding all of our servers. I don't know why SNMP is running but I am still wondering if there a way in which SNMP can function in a secure manor. We have a network composed of Sun, Novell, and NT machines.

    Does anyone have any information regarding this matter?

    Thanks in advance!
    Regards,
    Sarid

  2. #2
    the Simple Network Managment Protocol is standard for internetwork managment. Because it is a simple solution, requiring little code to implement, vendors can easily build SNMP agents to their products. SNMP is extensible, allowing vendors to easily add network managment functions to their existing products. SNMP also separates the managment architecture from the architecture of the hardware devices, which broadens the base of multivendor support.
    but it can be easily misused
    there is a simple way, remove the public and private community string, dont give any simple word for read write community string

    public community string is enough to get required information to an attacker abt ur devices,

    if the read write string is compromised then the attacker can even change the settings of ur network devices like router or switches,

    for NT
    Go into Control Panel.
    Select the Network icon.
    Choose the Services Tab.
    Select the Add button.
    Choose SNMP Service.

    Under the Traps tab, add an SNMP community name or names
    do not use public, remove it

    for routers read the manual to change or remove the community strings

    you may find this link usefull
    http://www.microsoft.com/technet/tre...t3/tcpch10.asp

  3. #3

    Just what I was looking for

    Thanks for your super explanation. It was just what I wa looking for.

    Have a good weekend.

    Could SNMP traffic be filtered, only permitting certain hosts to obtain this information? Who needs to be able to obtain this information?

    Thanks
    Regards,
    Sarid

  4. #4
    yes offcourse the traffic can be blocked
    You can restrict SNMP communications and allow it to communicate with only a set list of SNMP management systems.
    traps can be enabled, it will be fired in specific events like password violation bad request etc

  5. #5
    Super. Thanks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •