Enumeration Using SNMP
SNMP stands for
simple network management protocol is an application layer protocol
which uses UDP protocol to maintain and manages routers, switch, hubs other
devices on an IP network. SNMP is a very common protocol found enabled
on a variety of operating system like windows server, linux and unix server as
well as network devices like routers, switches etc.
SNMP
enumeration is used to enumerate user accoundts, passwords, group, system
names, devices on a target system.
It consists of three major
elements :
1) SNMP Manager (Managed Devices) - A
managed device is a device or a host (technically known as node) which has the
SNMP services enabled. These devices could be routers, switches, hubs, bridges
computer etc.
OR
It is a contralised system used to
monitor-network. It is also known as network management station (NMS).
2) SNMP Agent - It is a software management devices can be network devices. Managed devices
can be network devices like PC, routers, switches server etc.
3) Management information Base
- MIB consists of information of resources that are to tbe managed. These
infromation is organised hi-erachically. It consists of objects instances
which are essentially variables.
SNMP Messages
In snmp there are different variables are -
1) GetRequest
- SNMP manager sends from SNMP agent. It is simply used to retieve data from
snmp agent. In response to this, snmp agent responds with requested value
thorugh response messages.
2) GetNextRequest - This message
can be sent to discover what data is available on a SNMP agent. The snmp
manager can request for data continuously until no more data is left. In this
way, SNMP manager can take knowledege of all the available data on SNMP
agent.
3) GetBulkRequest - This message is used to
retrieve large data at once by the SNMP agent. It is introduced in SNMPv2c
4) SetRequest - It is used to SNMP manager to set the value of an obbject instance an the
SNMP agent.
5) Response - It is a message send from agent
upon a request from manager. When sent in response to set messages, it will
contain the newly set value as confirmation that the value has been set.
6) Trap
- These are messages send by the agent without being requested by the manager.
It is sent when a fault has occured.
7) InformRequest - It
was introduced in SNMPv2c, used to identify if the trap message has been
received by the manager or not. The agent can be configured to set up trap
continuously until it receives an inform messages. It is same as trap but adds
an acknowledge that trap doesn't provide.
SNMP Versions - There are 3 version of SNMP.
1) SNMPv1 - It uses community strings for
authentication. It uses UDP but can be configured to use TCP.
2) SNMPv2
- It uses community strings for authentication. It uses UDP but can configured
to use TCP.
3) SNMPv3 - It uses Hash based MAC with MD5 or
SHA for authentication and DES-56 for privacy. This version uses TCP. Therefor
conclusion is the higher the version for SNMP, more secure it will be.
SNMP Security Levels - It defines the type of security algorithm performs on SNMP packets.
There are used in only SNMPv3. There are 3 security leveles namely.
1) NoAuthentication - This ( no authentication no privacy ) security level uses community string
for authentication and no encryption for privacy.
2) authNopriv - This security level (authentication, no privacy) uses HMAC and MD5 or SHA for
authentication and encryption uses DES-56 Algorithm.
SNMP Enumeration
- Default SNMP to view or modify then SNMP can configuration settings.
Attackers can enumerate SNMP on remote network devices for the following -
# Information about network resources such as routers, share, devices etc.
# ARP and routing tables.
# Device specific information
# Traffic statistic etc.
SNMP Enumeration Tools
The following table shows the list of tools to perform SNMP
Enumeration.
Name of the Tool and weblinks
1) Oputils
www.manageengine.com/products/oputils
2) Solarwinds
www.solarwinds.com
3) SNScan
www.mcafee.com/us/downloads/free-tools/scscan.aspx
4) SNMP Scanner
http://www.secure-bytes.com/snmp-scanner.php
Disclaimer
All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.