SNMP stands for Simple Network Management Protocol and is a standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Typical devices include routers, switches, servers, workstations, printers and modem racks. The protocol exposes system configuration information in the form of variables on the managed devices; these variables can be queried and sometimes set as well. There are many tools in Kali Linux to play and have fun with this protocol.

This protocol operates in the Application Layer of the Internet Protocol Suite (Layer 7 of the OSI model) and receives requests on UDP port 161. SNMP exists in three versions (1 to 3, with several variants of version 2). The first Requests for Comments (RFCs) for SNMPv1 appeared in 1988. SNMPv1 and SNMPv2 pose a threat since authentication is done by a community string (think of it as a password) which is sent in clear text. Sniff ahoy! In fact, there are many devices out there running on standard community strings. SNMPv3 is considered the more secure choice since it has cryptographic security. Remember that SNMPv3-enabled devices may fool you: a device may also support SNMPv1 and SNMPv2 without you knowing it. I’ve stumbled upon a few of these through the years.
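To see why the clear-text community string matters, here is an added example (not code from the original post) that decodes a captured SNMPv1/v2c datagram with a minimal BER reader and raises the findings a passive monitoring hook would report: which version was used, the community string as it appears on the wire, and whether it is a vendor default. The sample packet bytes, the `WEAK_COMMUNITIES` list and all function names are constructed for this example; the message layout follows RFC 1157 (v1) and RFC 3416 (v2c).

```python
"""Decode SNMPv1/v2c packets (BER) to show the community string on the wire."""

# ASN.1 BER tag values used by SNMPv1/v2c messages (RFC 1157 / RFC 3416)
TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap", 0xA5: "GetBulkRequest",
             0xA6: "InformRequest", 0xA7: "SNMPv2-Trap"}
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}


def read_tlv(data, pos=0):
    """Return (tag, value_bytes, next_pos) for the BER element starting at pos."""
    tag = data[pos]
    length = data[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def decode_integer(value):
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value):
    """Decode BER object identifier content octets to dotted form."""
    first = value[0]
    arcs = [first // 40, first % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:                    # high bit clear ends this base-128 arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def parse_snmp(packet):
    """Parse a UDP/161 payload; for v1/v2c the community is a plain OCTET STRING."""
    tag, body, _ = read_tlv(packet)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    tag, ver, pos = read_tlv(body)
    version = decode_integer(ver)
    info = {"version": VERSIONS.get(version, f"unknown({version})")}
    if version == 3:
        return info                         # v3 carries msgGlobalData/USM, not a community
    tag, community, pos = read_tlv(body, pos)
    info["community"] = community.decode("ascii", "replace")
    tag, pdu, _ = read_tlv(body, pos)
    info["pdu_type"] = PDU_TYPES.get(tag, f"0x{tag:02x}")
    _, req_id, pos = read_tlv(pdu)
    info["request_id"] = decode_integer(req_id)
    _, _, pos = read_tlv(pdu, pos)          # error-status (skipped)
    _, _, pos = read_tlv(pdu, pos)          # error-index (skipped)
    _, varbinds, _ = read_tlv(pdu, pos)
    oids, p = [], 0
    while p < len(varbinds):
        _, vb, p = read_tlv(varbinds, p)
        _, oid, _ = read_tlv(vb)
        oids.append(decode_oid(oid))
    info["oids"] = oids
    return info


WEAK_COMMUNITIES = {"public", "private"}   # assumed list of common vendor defaults


def audit(packet):
    """Return (info, findings) a monitoring hook would raise for one captured SNMP datagram."""
    info = parse_snmp(packet)
    findings = []
    if info["version"] in ("v1", "v2c"):
        findings.append(f"{info['version']} community sent in clear text: {info['community']!r}")
        if info["community"] in WEAK_COMMUNITIES:
            findings.append("default community string in use")
        if info.get("pdu_type") == "SetRequest":
            findings.append("write operation attempted over unauthenticated SNMP")
    return info, findings


# Constructed sample: SNMPv1 GetRequest for sysDescr.0 with community "public"
SAMPLE_V1 = bytes.fromhex(
    "3027"                                  # SEQUENCE, 39 bytes
    "020100"                                # version INTEGER 0 (v1)
    "04067075626c6963"                      # community OCTET STRING "public"
    "a01a"                                  # GetRequest PDU, 26 bytes
    "02021234"                              # request-id 0x1234
    "020100" "020100"                       # error-status, error-index
    "300e300c06082b060102010101000500"      # varbind list: sysDescr.0 / NULL
)
SAMPLE_V2C = SAMPLE_V1[:4] + b"\x01" + SAMPLE_V1[5:]   # same packet, version 1 (v2c)

if __name__ == "__main__":
    for pkt in (SAMPLE_V1, SAMPLE_V2C):
        print(audit(pkt))
```

The same reader can be pointed at the payload of any UDP/161 datagram pulled from a capture; an SNMPv3 message is recognised by its version field and reported without a community, which is exactly the distinction to watch for on a device that claims to be "v3 only" but still answers v1 or v2c.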

The use of SNMP is widespread – and so are vulnerable devices. A quick search on Shodan.io, as of writing, using the search term “snmpv1” alone yielded 9801 results, whilst “snmpv2” yielded 2 results. For snmpv3? 184 results. This result is a bit flawed since the query doesn’t pick up welcome banners which are either anonymous or don’t contain traces of the word “snmp”. But you get the idea. Given that it is so widespread, I would recommend that you do a full network probe and kill off anything not needed. Often vulnerability scanners will report on SNMP, and port scanners will find port 161 in a snap – there’s no reason to think attackers would not take advantage of this.

Resources