Penetration Testing mailing list archives

Re: SNMP Testing

From: "L. Walker" <lwalker () magi net au>
Date: Thu, 17 Mar 2005 16:26:04 +1100

On Thu, 2005-03-17 at 04:51 +0000, Gregory Bell wrote:

Hello all,

I was wondering if anyone could point me to some good resources on pen
testing SNMP. We have 2 main reasons for wanted these resources/tools:
1)identifying possible vulnerabilities exposed with various SNMP implemenations
2)Correlate actual malicious/suspicious SNMP traffic in our IDS to
better identify false positives associated with various SNMP related
signatures.

I'd appreciate any help you can give.

Thanks,

--Greg


I'd look at information disclosure - a lot of default/insecure
installations will allow you to gleam information off routers and other
network devices simply by querying SNMP on that given device.

snmpwalk is one application you can find to help you do the deed, so to
speak.

I'd also use gateways, and dedicated NIDS/IDS/IPS systems to help track
and locate SNMP traffic and any other traffic on your network - keep in
mind, it really depends how you've designed your network to begin with
as to where you're going to place hardware designed to keep track of the
entire network.

-- 
L. Walker
Administrator / Consultant
Blog:  http://magi.net.au

Current thread:

SNMP Testing Gregory Bell (Mar 16)
- Re: SNMP Testing L. Walker (Mar 17)
- Re: SNMP Testing brtw2003 (Mar 17)
- Re: SNMP Testing Peter Wood (Mar 17)
- RE: SNMP Testing Clement Dupuis (Mar 17)
- <Possible follow-ups>
- Re: SNMP Testing Jeff Bryner (Mar 18)
  - Re: SNMP Testing Enrico Nardelli (Mar 20)
- RE: SNMP Testing Jeff Gercken (Mar 21)