Silly question - SNMP worst case scenario - SNMP

This is a discussion on Silly question - SNMP worst case scenario - SNMP ; My manager said "if someone finds out our Read/Create SNMP community string the worst thing that could happen is a hacker could shut down or reboot the server". We're running primararily HP ProLiant Servers (2K and 2K3). Is his statement ...

+ Reply to Thread
Results 1 to 7 of 7

Thread: Silly question - SNMP worst case scenario

  1. Silly question - SNMP worst case scenario

    My manager said "if someone finds out our Read/Create SNMP community
    string the worst thing that could happen is a hacker could shut down or
    reboot the server".

    We're running primararily HP ProLiant Servers (2K and 2K3). Is his
    statement true?

    JB


  2. Re: Silly question - SNMP worst case scenario

    HI,

    Can't determine the impact without knowning the MIB objects
    supported by the SNMP agent.

    On Mon, 11 Apr 2005 jbyy4u@yahoo.com wrote:
    > My manager said "if someone finds out our Read/Create SNMP community
    > string the worst thing that could happen is a hacker could shut down or
    > reboot the server".
    >
    > We're running primararily HP ProLiant Servers (2K and 2K3). Is his
    > statement true?
    >
    > JB


    Regards,
    /david t. perkins

  3. Re: Silly question - SNMP worst case scenario

    Thanks.

    How would I go about determining the MIB objects that are settable in
    the agent?

    If I used a MIB walker would that help me?

    Thanks again!

    JB


  4. Re: Silly question - SNMP worst case scenario

    jbyy4u@yahoo.com wrote:

    > How would I go about determining the MIB objects that are settable in
    > the agent?


    If you are lucky, the vendor provides some definition somewhere of
    what the agents do support. There is actually a formal notation called
    AGENT-CAPABILITIES for this purpose. Few vendors, however, post their
    agent capabilities.

    > If I used a MIB walker would that help me?


    No. What you can do is look at objects with a MAX-ACCESS of read-write
    or read-create in the MIB files implemented by your box and then you
    try to write them. This takes time, but it will give you definite
    answer.

    /js

    --
    Juergen Schoenwaelder International University Bremen
    P.O. Box 750 561, 28725 Bremen, Germany

  5. Re: Silly question - SNMP worst case scenario

    Thanks. I can search HP for the Agent-Capabilities documention and see
    what comes up.

    What (free) utility would allow me to filter a mib by
    "Max-Access=read-write" OR "Max-Access=read-create" ?

    Thanks again!

    JB


  6. Re: Silly question - SNMP worst case scenario


    wrote in message
    news:1113244844.235725.263890@l41g2000cwc.googlegr oups.com...
    > My manager said "if someone finds out our Read/Create SNMP community
    > string the worst thing that could happen is a hacker could shut down or
    > reboot the server".
    >
    > We're running primararily HP ProLiant Servers (2K and 2K3). Is his
    > statement true?
    >
    > JB
    >


    I assume that by 2K and 2K3 you mean that they run windows.

    your boss statement is true only if SNMP is the only exploitable software
    running at the servers, but most likely it is not. It is enough for a good
    hacker to know your read comunity, and then utilize the fact that
    microsoft's agent expose the software that is installed and running on your
    server, and then figure out an attack against that software, which in turn
    may result in implenting a spywaare or a virus into your network.

    In order to have a secure network you have to either firewall the SNMP port
    or use an SNMPv3 agent (which implements authentication and can be
    configured to a give a restricted view) like this
    http://marksw.com/snmpv3agent/windowsagent.html

    Mark.



  7. Re: Silly question - SNMP worst case scenario


    wrote in message
    news:1113244844.235725.263890@l41g2000cwc.googlegr oups.com...
    > My manager said "if someone finds out our Read/Create SNMP community
    > string the worst thing that could happen is a hacker could shut down or
    > reboot the server".


    Depends on the MIB's

    But, assuming a net-snmp-like Agent, The hacker can probably learn what
    software you use, The version of OS, Your MAC adress, Maybe even set
    Firewall rules ...

    All of which are useful in an attack.

    .... and if you got some kind of scripting MIB on the box, the hacker can
    probably dispense with most of the boring work and kick off an install of
    some "toolz" directly.

    PS:

    If the hacker can see your SNMP traffic, he can see your community strings
    easily; SNMPv3 can fix this and restrict access to dangerous MIB areas too.



+ Reply to Thread