Scan SNMP to Prevent a Hack of Your Network
Simple Network Management Protocol (SNMP) is built into virtually every network device and can be an avenue of attack. Network management programs (such as HP OpenView and LANDesk) use SNMP for remote network host management. Unfortunately, SNMP also presents security vulnerabilities.
The problem is that most network hosts run with SNMP enabled and the default community strings still in place: public for read access and private for write access. The majority of network devices have SNMP enabled and don’t even need it.
If SNMP is compromised, a hacker may be able to gather such network information as ARP tables, usernames, and TCP connections to attack your systems further. If SNMP shows up in port scans, you can bet that a malicious attacker will try to compromise the system.
Here are some utilities for SNMP enumeration:
The commercial tools NetScanTools Pro and Essential NetTools
Free Windows GUI-based Getif
You can use Getif to enumerate systems with SNMP enabled.
In this test, you can glean a lot of information from a wireless access point, including model number, firmware revision, and system uptime. All this could be used against the host if an attacker wanted to exploit a known vulnerability in this particular system. There were several management interface usernames on this access point. You certainly don’t want to show the world this information.
For a list of vendors and products affected by the well-known SNMP vulnerabilities, refer to www.cert.org/advisories/CA-2002-03.html.
Countermeasures against SNMP attacks
Preventing SNMP attacks can be as simple as A-B-C:
Always disable SNMP on hosts if you’re not using it — period.
Block the SNMP ports (UDP ports 161 and 162) at the network perimeter.
Change the default SNMP community read string from public and the default community write string from private to another long and complex value that’s virtually impossible to guess.
There’s technically a “U” that’s part of the solution: upgrade. Upgrading your systems (at least the ones you can) to SNMP version 3 can resolve many of the well-known SNMP security weaknesses.
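The following is an added example, not part of the original article: a small audit of an agent's configuration against the countermeasures above. It assumes the host runs Net-SNMP and reads its snmpd.conf text; the 20-character threshold and the sample configuration are constructed for illustration.

```python
# Added example: audits Net-SNMP snmpd.conf text (assumed agent) against the A-B-C-U list.
DEFAULTS = {"public", "private"}   # default read/write strings named in the article
COMMUNITY = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
V3_USERS = {"rouser", "rwuser", "createuser"}
MIN_LEN = 20                       # assumed bar for "long and complex", not from the article

def audit_snmpd_conf(text):
    """Return (line_no, severity, message) findings; never echoes the secret itself."""
    findings, uses_community, has_v3 = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue                       # blank line or comment
        directive = parts[0].lower()
        if directive in V3_USERS:
            has_v3 = True
            continue
        if directive in COMMUNITY and len(parts) > 1:
            community = parts[1]           # rocommunity COMMUNITY [SOURCE ...]
        elif directive == "com2sec" and len(parts) >= 4:
            community = parts[-1]          # com2sec [-Cn CTX] SECNAME SOURCE COMMUNITY
        else:
            continue
        uses_community = True
        if community in DEFAULTS:
            findings.append((no, "HIGH", f"{directive}: default community string"))
        elif len(community) < MIN_LEN:
            findings.append((no, "MEDIUM", f"{directive}: community shorter than {MIN_LEN} chars"))
        if directive.startswith("rwcommunity"):
            findings.append((no, "MEDIUM", f"{directive}: write access over SNMPv1/v2c"))
    if uses_community and not has_v3:
        findings.append((0, "INFO", "no SNMPv3 user defined; access relies on v1/v2c communities"))
    return findings

# Constructed sample configuration, not taken from any real device.
SAMPLE = """\
# snmpd.conf (constructed sample)
rocommunity public
rwcommunity private 10.0.0.0/24
rocommunity6 Xq7vR2mLp9ZtB4wKe8NhY3sD ::1
com2sec readonly default monitor1
syslocation lab
"""

if __name__ == "__main__":
    for no, sev, msg in audit_snmpd_conf(SAMPLE):
        print(f"line {no or '-'}: [{sev}] {msg}")
```

A finding with line number 0 applies to the file as a whole rather than to one directive.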