Scanning the Internet with SNMP

This is a great article that reveals the results of Gnucitizen.org scanning the Internet for open SNMP (Simple Network Management Protocol) ports.

First they detail why SNMP makes such a juicy target, namely the UDP port scans are fast and SNMP holds a wealth of infomation.

Gnucitizen scanned 2.5 million IP’s and 5320 responded to the SNMP request. This is astounding number when you conisder that two rookie mistakes must be made for this to happen.

1. An internet facing device has SNMP enabled
2. It is configured with the default community string of “public”

I really can’t believe that I haven’t thought of trying this before on a smaller scale.

In response allow me the latitude of giving a word of warning and education. We often assume that it is highly crafted sophisticated attacks that threaten our networks when more commonly the vulnerability is the result of lazy and/or ignorant admins.

Every time you add a network device make sure to do at least 2 things,
1. Change the default password,
2. Secure SNMP either by changing the default community strings or even better use SNMPv3, if you aren’t going to use SNMP then disable it.

You’d be amazed how many times I can plug into a hardwire port fire up a SNMP scanner and get tons of info from switches and other network devices. Take the time to do it right.

For more info on SNMP start with the Wikipedia and follow to the RFC’s.

2 responses to “Scanning the Internet with SNMP”

  1. Ken Stewart says:

    What are your thoughts on NAC, especially for the SMB?

  2. Tsu Doh Nimh says:

    I love the IDEA of NAC. However, the current state of NAC is immature and overpriced.

    I’ve done some security testing on the Cisco NAC and there are some major flaws espcially if VOIP is in play. http://tinyurl.com/5fasdy

    I think NAC/Endpoint Security is the way of the future.

    Considering my priorities as an admin, I don’t really care about my endpoint desktops/laptops. My true concern is the integrity of my data and my network. Desktop Signature Based AV is dead and the threat from my cubicle mates PC or an open network jack in a hallway is much greater than EuroMob hackers. I need my network to defend itself from its edges and therefore NAC/Endpoint will be the answer.

    Just not yet.

    Personally I’m waiting for Symantec to release their NAC product that will integrate into their Endpoint Security product and I’m waiting for another legit networking company to give Cisco some competition so the effectiveness of both products will be enhanced.

Leave a Reply