The ONE strategy every CIO and Technology Leader needs to know about SNMP Enumeration

SNMP is a great protocol. But, like any technology, it is only as good as the person operating it.

Here are some quick facts about SNMP:

  • SNMP is connectionless: it uses UDP for communication, so a request will not necessarily get a reply the way a TCP exchange does.
  • SNMP utilises ports 161 and 162: normal request/reply traffic uses port 161, and traps, the notifications raised when thresholds are exceeded, go to port 162 on the SNMP manager.
  • SNMP’s OID (Object ID): the way the entries in the MIB are identified and managed.
  • SNMP’s MIB (Management Information Base): the information we can see and monitor/modify via SNMP.

Let’s go into a little more detail on how hackers can break SNMP:

  • SNMP – Walking The Tree
    If an attacker is listening on the network, they can intercept the details, because SNMP versions 1 and 2 send them in clear text.

    • Walking (walking the tree): the management station makes a request that effectively says “Show me what you have!”
    • The agent on the router reports back all the details in the MIB.

Default Credentials

  • The default password (community string) for reading information from SNMP is “Public”, with RO = Read Only.
  • For RW (Read Write), the default password is “Private”.

The challenge with these passwords is that they are predictable if we leave them at the defaults, and they travel in CLEAR TEXT if you are using version 1 or version 2 of SNMP.

So my number one tip and strategy for mitigating SNMP enumeration is:

Remove SNMP agents from any core system, or turn the SNMP service off altogether on critical systems. You may also want to stop any access that relies on null sessions; ideally, block access to the SNMP ports (TCP/UDP 161). And don’t forget to change the default passwords too.


Hope this has been useful.

Meet Andrew Constantine

Andrew Constantine is an entrepreneur and a cyber security advisor who is changing the world of cyber security. He is the CEO of Australia’s largest community of technology and business executives.

1 reply

  Information Security says:

    SNMP is used across the infrastructure for different types of monitoring purposes. If SNMP is required, there are multiple ways of reducing the risk:
    1. Have SNMP communication only between the SNMP management stations and the infrastructure that needs to be monitored. This way SNMP traffic will only be limited between the stations and the destination.
    2. Use SNMP v3 and change the default passwords as stated above.

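The points above about clear-text community strings, the default “Public”/“Private” credentials, and the reply’s advice to confine SNMP to the management station and move to v3 can all be checked from a packet capture. The following is an added example, written for this post and not code from the article or the commenter: it decodes the BER-encoded SNMP message header from UDP/161 datagrams (version, community string, and request type for v1/v2c) and reports every datagram that breaks the policy. The management station address, the monitored subnet, and the sample datagrams are constructed values for the example; the message structure follows the published SNMP wire format.

```python
"""Flag clear-text SNMPv1/v2c, default community strings, and SNMP flows that do
not run between the management station and the monitored infrastructure.
Addresses, communities and datagrams are constructed sample values."""

from dataclasses import dataclass
from ipaddress import ip_address, ip_network

SNMP_PORT = 161
DEFAULT_COMMUNITIES = {"public", "private"}   # RO / RW defaults named in the article
# Hypothetical layout: one management station, one monitored subnet (assumed values).
MANAGEMENT_STATIONS = {ip_address("10.0.0.5")}
MONITORED_NETS = [ip_network("10.0.1.0/24")]
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest",   # GetNext = "walking the tree"
             0xA3: "SetRequest", 0xA5: "GetBulkRequest"}
VERSION_NAMES = {0: "v1", 1: "v2c", 3: "v3"}


def _read_tlv(buf: bytes, pos: int):
    """Decode one BER tag-length-value at pos (short or long definite length).
    Returns (tag, value, position just after the value)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_snmp_header(payload: bytes):
    """Return (version, community, pdu_name).  Wire versions: 0 = v1, 1 = v2c, 3 = v3.
    In v3 the field after the version is msgGlobalData, not a community string,
    so community and pdu_name come back as None."""
    tag, body, _ = _read_tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    tag, ver, pos = _read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    if version == 3:
        return version, None, None
    tag, community, pos = _read_tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    pdu_tag = body[pos]                # context-specific tag of the PDU that follows
    return version, community.decode("ascii", "replace"), PDU_NAMES.get(pdu_tag, f"PDU 0x{pdu_tag:02x}")


@dataclass
class Datagram:
    src: str
    dst: str
    dport: int
    payload: bytes


def check_datagram(dg: Datagram):
    """Findings for one datagram; an empty list means it satisfies the policy
    (management station <-> monitored hosts, no clear-text or default communities)."""
    findings = []
    if dg.dport != SNMP_PORT:
        return findings
    version, community, pdu = parse_snmp_header(dg.payload)
    if version in (0, 1):
        findings.append(f"SNMP{VERSION_NAMES[version]} {pdu}: community '{community}' sent in clear text")
        if community in DEFAULT_COMMUNITIES:
            rw = " (RW default: SetRequest possible)" if community == "private" else ""
            findings.append(f"default community '{community}' still in use{rw}")
    src, dst = ip_address(dg.src), ip_address(dg.dst)
    if src not in MANAGEMENT_STATIONS:
        findings.append(f"request from {src}, which is not a management station")
    if not any(dst in net for net in MONITORED_NETS):
        findings.append(f"request to {dst}, outside the monitored infrastructure")
    return findings


# --- constructed sample datagrams --------------------------------------------
def _tlv(tag: int, content: bytes) -> bytes:
    """Encode one BER TLV with a short-form length (content under 128 bytes)."""
    return bytes([tag, len(content)]) + content


def build_community_request(community: str, version: int, pdu_tag: int = 0xA0) -> bytes:
    """Minimal SNMPv1/v2c request for sysDescr.0 (OID 1.3.6.1.2.1.1.1.0)."""
    varbind = _tlv(0x30, _tlv(0x06, bytes.fromhex("2b06010201010100")) + _tlv(0x05, b""))
    pdu = _tlv(pdu_tag, _tlv(0x02, b"\x01") + _tlv(0x02, b"\x00") + _tlv(0x02, b"\x00")
               + _tlv(0x30, varbind))   # request-id, error-status, error-index, varbinds
    return _tlv(0x30, _tlv(0x02, bytes([version])) + _tlv(0x04, community.encode()) + pdu)


def build_v3_header_stub() -> bytes:
    """SNMPv3 message truncated after msgGlobalData (msgID, msgMaxSize, msgFlags,
    msgSecurityModel): enough for the header check, no credentials on the wire."""
    global_data = (_tlv(0x02, b"\x01") + _tlv(0x02, b"\x00\xff\xe3")
                   + _tlv(0x04, b"\x07") + _tlv(0x02, b"\x03"))
    return _tlv(0x30, _tlv(0x02, b"\x03") + _tlv(0x30, global_data))


SAMPLE_TRAFFIC = [
    Datagram("10.0.0.5", "10.0.1.7", 161, build_v3_header_stub()),                          # clean
    Datagram("10.0.0.5", "10.0.1.7", 161, build_community_request("private", 0, 0xA3)),     # v1 RW default
    Datagram("192.168.50.9", "10.0.1.7", 161, build_community_request("public", 1, 0xA1)),  # walk from elsewhere
]

if __name__ == "__main__":
    for dg in SAMPLE_TRAFFIC:
        print(f"{dg.src} -> {dg.dst}: {check_datagram(dg) or ['ok']}")
```

The decoder only reads the message header, which is where the problem lives: for v1 and v2c the community string is the second field of the datagram, readable by anyone who can see the packet. Feeding real captures through it needs only a UDP payload extractor in front of `check_datagram`; the allow-list constants are what a site would replace with its own management-station and monitored ranges.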
