Webserver Security (Part I) - Remote SNMP queries (Page 6 of 6 )
SNMP is a service which can provide an attacker with very detailed information about the target system and its networking environment. Many standard installations provide this service and often it is not disabled or secured. As an added bonus, this is an UDP service, so it will not show up in standard portscans - it is under the radar of many system administrators.
Again we are stalking sample-university.net:
# snmpwalk center2.sample-university.net public
system.sysDescr.0 = OCTET STRING: "Fore Systems ATM Host (AIX 1 000005016600)"
system.sysObjectID.0 = OBJECT IDENTIFIER: enterprises.326.2.1
system.sysUpTime.0 = Timeticks: (0) 0:00:00
system.sysContact.0 = OCTET STRING: ""
system.sysName.0 = OCTET STRING: "center2."
system.sysLocation.0 = OCTET STRING: ""
system.sysServices.0 = INTEGER: 72
interfaces.ifNumber.0 = INTEGER: 7
interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1
interfaces.ifTable.ifEntry.ifIndex.2 = INTEGER: 2
interfaces.ifTable.ifEntry.ifIndex.3 = INTEGER: 3
interfaces.ifTable.ifEntry.ifIndex.4 = INTEGER: 4
interfaces.ifTable.ifEntry.ifIndex.5 = INTEGER: 5
...
We are told the type and patchlevel of the system, we get a list of all
interfaces (not shown) and we can even use SNMP to dump the complete routing tables. This is useful to remotely gather information about the topology of the target network and enables us to direct our attacks to the strategically valuable hosts. Together with data taken from the DNS as shown above we will be able to construct a complete network map for the target. If additional management modules are being installed, we get even more important data, such as management information about Oracle, SAP or other remotely controlled subsystems. SNMP is being used in many routers and in RMON network probes, too. If these are not secured properly, we are even able to get traffic measurements from the target.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
