Background: Know: SNMP, Agent, BER, SNMP PDUs; Recognize: SNMP MIB


Protecting SNMP itself

SNMP version 1 is widely implemented but not very secure: it uses only clear-text community strings to control access to information on the switch, including its configuration file. SNMP v1/2 security is covered at SNMP security, and SNMP v3 at Outline: SNMPv3 messages.

Simple Network Management Protocol (SNMP) uses UDP port 161 by default for general SNMP messages and UDP port 162 for SNMP trap messages (see SNMP).

To protect the network from security threats, it is essential to protect the management protocol running on it. One way to do this is to check that SNMP packets are well-formed, which is non-trivial given the generality of the Basic Encoding Rules and SNMP PDUs.

Basic Encoding Rules

MIBs define what information is available, but in order to transfer information, it must be encoded. See the encoding rules at xxJ6 Encoding Rules.


Note that SNMP uses "PDU" to name the objects carried in its messages, whereas for most protocols Protocol Data Units are what the protocol exchanges with its peer (see xxZ6 SNMP message format).

In 2002: “badly formatted packets caused the implementation to corrupt its memory maps ... with some implementations causing the managed device to enter a loop of continuous rebooting, and others allowing the device to then run injected code, thereby allowing the device to be hijacked by the attacker.” This is because SNMP is usually used over UDP, which has no flow or congestion control.
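
The well-formedness check described above, as an added example (not code from the original page): a strict structural validator for SNMPv1/v2c datagrams that rejects indefinite or overrunning BER lengths, trailing bytes and excessive nesting before anything interprets the contents. The names `read_tlv`, `walk` and `check_snmp_message`, the `MAX_DEPTH` limit and the sample datagram are assumptions of this example.

```python
# Added example: names, MAX_DEPTH and SAMPLE are this example's own assumptions.
class Malformed(ValueError):
    """Raised when a datagram fails a structural check."""
MAX_DEPTH = 8                      # assumed nesting limit; v1/v2c needs about 4
PDU_TAGS = range(0xA0, 0xA9)       # SNMPv1/v2c PDU types 0..8 (context, constructed)
# Constructed sample: SNMPv1 GetRequest for sysDescr.0, community "public".
SAMPLE = bytes.fromhex("302602010004067075626c6963a019020101020100020100"
                       "300e300c06082b060102010101000500")

def read_tlv(buf, pos, end):
    """Parse one definite-length TLV inside buf[pos:end]; return (tag, start, stop)."""
    if end - pos < 2 or (buf[pos] & 0x1F) == 0x1F:
        raise Malformed("truncated header, or multi-byte tag (unused by SNMP)")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first                              # short form: length in one octet
    if first & 0x80:                            # long form: next n octets
        n = first & 0x7F
        if not 1 <= n <= 4 or n > end - pos:    # indefinite, oversized or truncated
            raise Malformed("bad length octets")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if length > end - pos:
        raise Malformed("length overruns enclosing element")
    return tag, pos, pos + length

def walk(buf, pos, end, depth):
    """Require buf[pos:end] to be exactly a run of well-formed TLVs, recursively."""
    if depth > MAX_DEPTH:
        raise Malformed("nesting too deep")
    while pos < end:
        tag, start, pos = read_tlv(buf, pos, end)
        if tag & 0x20:                          # constructed: check the contents too
            walk(buf, start, pos, depth + 1)

def check_snmp_message(datagram):
    """Return (version, pdu_tag) for a sound v1/v2c message, else raise Malformed."""
    tag, pos, end = read_tlv(datagram, 0, len(datagram))
    if tag != 0x30 or end != len(datagram):
        raise Malformed("no outer SEQUENCE, or trailing bytes")
    tag, start, pos = read_tlv(datagram, pos, end)
    if tag != 0x02 or pos - start != 1 or datagram[start] not in (0, 1):
        raise Malformed("version is not INTEGER 0 (v1) or 1 (v2c)")
    version = datagram[start]
    tag, start, pos = read_tlv(datagram, pos, end)
    if tag != 0x04:
        raise Malformed("community is not an OCTET STRING")
    tag, start, pos = read_tlv(datagram, pos, end)
    if tag not in PDU_TAGS or pos != end:
        raise Malformed("unknown PDU tag, or trailing bytes")
    walk(datagram, start, end, 2)               # every nested length must fit its parent
    return version, tag
```

A filter in front of an agent would drop any datagram for which `check_snmp_message` raises `Malformed`; SNMPv3 messages have a different outer layout and are rejected by this check rather than validated.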

Monitoring the anomalies in SNMP MIB

NetOp should monitor the anomaly counters in the SNMP MIB: snmpInBadVersions, snmpInBadCommunityNames, snmpInASNParseErrs, etc.

Details see:


Securing SNMP[1]

How to secure SNMP in Cisco switches and routers at [1]