Background: Know: SNMP, Agent, BER, SNMP PDUs Recognize: SNMP MIB

Protecting SNMP itself

SNMP version 1 is widely implemented but not very secure: it relies only on clear-text community strings to control access to information on the switch, including its configuration file. SNMP v1/2 security is covered at SNMP security, and SNMP v3 at Outline: SNMPv3 messages.

Simple Network Management Protocol (SNMP) uses UDP port 161 by default for general SNMP messages and UDP port 162 for SNMP trap messages.

To protect the network from security threats, it is essential to protect the management protocol running on it. One way to do this is to check that SNMP packets are well-formed. This is non-trivial, given the generality of the Basic Encoding Rules and SNMP PDUs.

Basic Encoding Rules

MIBs define what information is available, but in order to transfer information, it must be encoded. See the encoding rules at xxJ6 Encoding Rules.

SNMP PDUs

Note that SNMP uses "PDU" to name the objects carried in its messages, whereas for most protocols Protocol Data Units are what the protocol exchanges with its peer; see xxZ6 SNMP message format.
In 2002: “badly formatted packets caused the implementation to corrupt its memory maps ... with some implementations causing the managed device to enter a loop of continuous rebooting, and others allowing the device to then run injected code, thereby allowing the device to be hijacked by the attacker.” This is because SNMP is usually used over UDP, which has no flow or congestion control.

Monitoring the anomalies in SNMP MIB

NetOp should monitor the anomaly counters in the SNMP MIB: snmpInBadVersions, snmpInBadCommunityNames, snmpInASNParseErrs, etc.

For details, see: http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/
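
The well-formedness check and the counters described above can be illustrated together. The following is an added example, not code from this page or from any SNMP implementation: it validates only the BER framing of an SNMPv1/v2c message (outer SEQUENCE, version, community, PDU tag) and names the counter a strict receiver would increment. The function names, the sample packet and the allowed community set are assumptions made for the illustration.

```python
# Added example (not from the original page): strict BER framing check for an
# SNMPv1/v2c message, classified with the MIB counter names the page lists.

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end); raise ValueError on malformed BER."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if (tag & 0x1F) == 0x1F:
        raise ValueError("multi-byte tag, not used by SNMP")
    if first < 0x80:                        # short-form length
        length = first
    else:                                   # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4:                 # indefinite or implausibly wide length
            raise ValueError("unsupported length form")
        if pos + n > len(buf):
            raise ValueError("truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):             # declared length overruns the datagram
        raise ValueError("length exceeds buffer")
    return tag, pos, pos + length

def classify(datagram, allowed_communities):
    """Return 'ok' or the counter a strict receiver would increment."""
    try:
        tag, start, end = read_tlv(datagram, 0)
        if tag != 0x30 or end != len(datagram):    # outer SEQUENCE spans the payload
            raise ValueError("bad outer SEQUENCE")
        tag, vs, ve = read_tlv(datagram, start)
        if tag != 0x02 or ve - vs != 1:            # version: one-byte INTEGER
            raise ValueError("bad version field")
        if datagram[vs] not in (0, 1):             # 0 = SNMPv1, 1 = SNMPv2c
            return "snmpInBadVersions"
        tag, cs, ce = read_tlv(datagram, ve)
        if tag != 0x04:                            # community: OCTET STRING
            raise ValueError("bad community field")
        tag, _, pe = read_tlv(datagram, ce)
        if not 0xA0 <= tag <= 0xA8 or pe != end:   # context-tagged PDU fills the rest
            raise ValueError("bad PDU framing")
    except ValueError:
        return "snmpInASNParseErrs"
    if bytes(datagram[cs:ce]) not in allowed_communities:
        return "snmpInBadCommunityNames"
    return "ok"

# Constructed sample: SNMPv1 GetRequest for sysDescr.0, community "public".
SAMPLE = bytes.fromhex("3026020100" "04067075626c6963" "a019020101020100020100"
                       "300e300c06082b06010201010100" "0500")
```

The variable bindings inside the PDU are not inspected here; a full validator would apply the same length discipline recursively to every nested element.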

References

Securing SNMP[1]

How to secure SNMP in Cisco switches and routers at [1]
