Penetration Testing mailing list archives
RE: SNMP Testing
From: "Jeff Gercken" <JeffG () kizan com>
Date: Mon, 21 Mar 2005 18:33:44 -0500
I've had the best success with snooping for snmp traffic and maybe some arp spoofing, cam table poisoning, hsrp/vrrp theft, etc. Community string reuse is typically high so if you find one it is likely good for something else. A single spoofed UDP packet could make serious configuration changes if adequate controls aren't in place (and RW is used, of course). SNMP is typically associated with clear text transmissions and weak authentication (community strings) but v3 was ratified by the IETF in 1998 which provides for strong authentication and encryption of data. Since then it has been ratified periodically to incorporate new technologies and most recently added AES cipher support (June 2004). The Microsoft snmp agent only supports weaker versions 1 and 2c. While just about every snmp monitoring application (OpenView, Tivoli, mrtg, Concord, etc) supports v3 it is curious why MS hasn't taken this step. One could go on an on with speculations as to why but a number of companies have jumped in to develop snmp agent replacements that do support v3. http://www.mg-soft.si/agent.html http://www.nudesignteam.com/agent.html http://marksw.com/snmpv3agent/windowsagent.html Does anyone have any experience with any of these or similar products? -Jeff -----Original Message----- From: Gregory Bell [mailto:gjbell1 () gmail com] Sent: Wednesday, March 16, 2005 11:51 PM To: pen-test () securityfocus com Subject: SNMP Testing Hello all, I was wondering if anyone could point me to some good resources on pen testing SNMP. We have 2 main reasons for wanted these resources/tools: 1)identifying possible vulnerabilities exposed with various SNMP implemenations 2)Correlate actual malicious/suspicious SNMP traffic in our IDS to better identify false positives associated with various SNMP related signatures. I'd appreciate any help you can give. Thanks, --Greg
Current thread:
- SNMP Testing Gregory Bell (Mar 16)
- Re: SNMP Testing L. Walker (Mar 17)
- Re: SNMP Testing brtw2003 (Mar 17)
- Re: SNMP Testing Peter Wood (Mar 17)
- RE: SNMP Testing Clement Dupuis (Mar 17)
- <Possible follow-ups>
- Re: SNMP Testing Jeff Bryner (Mar 18)
- Re: SNMP Testing Enrico Nardelli (Mar 20)
- RE: SNMP Testing Jeff Gercken (Mar 21)