Understanding SNMP Vulnerabilities

1
Understanding SNMP Vulnerabilities

• By
• Latha Sudharshan
• Vasudha Yaramala

2
Introduction

• What is a Network Management Protocol?
• SNMP most widely used
• Oulu University Secure Programming Group (OUSPG)
• Goal describe SNMP vulnerabilities, its impact
  and solutions

3
SNMP Overview

• A standard protocol to manage networks and
  systems
• An SNMP-managed network consists of three key
  components managed devices, agents, and
  network-management systems (Managers).
• Where does SNMP pitch in?

4
SNMP Vulnerabilities

• How is SNMP vulnerable?
• SNMP vulnerabilities
• Multiple vulnerabilities in SNMPv1 request
  handling
• Multiple vulnerabilities in SNMPv1 trap handling

5
Impact

• Specific impact may vary from product to product
• Unexpected input to agents and managers will lead
  to unexpected results
• Vulnerabilities in the decoding and subsequent
  processing of SNMP messages by both managers and
  agents may result in
• denial-of-service conditions
• buffer overflows
• allow an attacker to gain unauthorized,
  privileged access to the affected device
• viruses and worms

6
Solution

• Apply patch from vendor
• Disable the SNMP service
• Ingress filtering
• Filter SNMP traffic from non-authorized internal
  hosts
• Change default community strings
• Segregate SNMP traffic onto a separate management
  network
• Egress filtering
• Share tools and techniques

7
Conclusion

• SNMP widely used but not perfect
• Emerging SNMP versions 2 and 3
• Ignorance is not bliss when it comes to network
  security