Sid 1-1411

Summary

This event is generated when an SNMP connection over UDP using the default 'public' community is made.

Impact

Information gathering

Detailed information

SNMP (Simple Network Management Protocol) v1 uses communities and IP addresses to authenticate communication between the SNMP client and the SNMP daemon. Many SNMP implementations come pre-configured with 'public' and 'private' communities. If these are not disabled, an attacker can gather a great deal of information about the device running the SNMP daemon.

Affected systems

  • Devices running SNMP daemons with the 'public' community enabled.

Attack scenarios

An attacker scans a range of IPs for SNMP servers having the 'public' community set and gathers information about the hosts.

Ease of attack

Simple.

False positives

None known.

False negatives

None known.

Corrective action

Disable the 'public' and 'private' communities before connecting a device that runs SNMP to the Internet, or use a packet-filtering firewall to block access to the SNMP ports from unauthorized addresses.

Contributors

Additional references