Skip navigation
Menu
Security

Serious Problems with SNMPv1

The Oulu University Secure Programming Group in Finland studied SNMPv1 and discovered that it contains several serious vulnerabilities. The group used its PROTOS Test-Suite: c06-snmpv1" to perform the study.

As you know, SNMP is a widely used tool that helps you manage and configure various network devices, including routers, firewalls, servers, and client systems. The vulnerabilities that the university group discovered include multiple problems with trap and request handling, which can lead to Denial of Service (DoS) attacks and service interruptions. In some cases, depending on the vendor hardware and software, an intruder can use the vulnerability to gain access to a given device. The Computer Emergency Response Team (CERT) has released an advisory regarding the problems, as have numerous vendors, including Cisco, Compaq, 3Com, Computer Associates (CA), Caldera, and Microsoft. You can read information related to the SNMP vulnerability in the article referenced in the SECURITY RISKS section of this newsletter, and you can find CERT's bulletin regarding the matter on its Web site. CERT also has an online FAQ that addresses 21 questions related to the risks the discovery presents.

The problems are serious, so if you use SNMP to help monitor and manage your network, be certain that you check with the appropriate vendors to be sure that you have the latest patches on all of your SNMP-enabled devices. If you aren't sure which devices on your network are running SNMP, the SANS Institute has released a tool to help you discover SNMP daemons on your network (the daemons typically listen on port 161). The tool runs on Windows 2000 and Windows NT, and you don't need to have administrative access to run the tool. The tool scans for SNMP-enabled devices configured to use the community string of "Public" and also lets the user specify a particular community string. You can obtain a copy of the tool by sending email to [email protected]. SANS will send you a URL to a Web site from which you can download the tool, instructions, and related information.

SNMP is one of the most common services that intruders exploit. If you don't need to use SNMP, or if you can use other methods of remote-device monitoring and management, consider disabling SNMP on all your network devices. Doing so will greatly reduce the risks to your network and reduce the chance of someone using your network devices to exploit other networks.

Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
Businesswoman challenges concept and gender obstacles
Women in Cybersecurity Face Barriers to Hiring, Advancement
Apr 15, 2024
person typing on keyboard with icons for certificates
Top IT Certifications for a Career in Finance
Apr 12, 2024
employee working on a laptop with AI
Why AI Coding Assistants May Be Greatest Cybersecurity Threat Facing Your Business
Mar 26, 2024
cleaning products
6 Essential Steps for Spring Cleaning Your Website
Mar 21, 2024