Home arrow Site Administration arrow Page 6 - Webserver Security (Part I)

Remote SNMP queries - Administration

This first article in a two-part series deals with tools to find security holes in webservers and workstations. Some of the topics covered are: port scanning, finding NFS security holes, and using lsof.

TABLE OF CONTENTS:
  1. Webserver Security (Part I)
  2. The server offers services it was not intended to
  3. Dumping a zone using nslookup
  4. Other Helpful Tools
  5. rpcinfo query to www.example.server
  6. Remote SNMP queries
By: Kristian Kohntopp
Rating: starstarstarstarstar / 2
April 19, 2000

print this article
SEARCH DEV SHED

TOOLS YOU CAN USE

advertisement
SNMP is a service which can provide an attacker with very detailed information about the target system and its networking environment. Many standard installations provide this service and often it is not disabled or secured. As an added bonus, this is an UDP service, so it will not show up in standard portscans - it is under the radar of many system administrators.

Again we are stalking sample-university.net:
# snmpwalk center2.sample-university.net public
system.sysDescr.0 = OCTET STRING: "Fore Systems ATM Host (AIX 1 000005016600)"
system.sysObjectID.0 = OBJECT IDENTIFIER: enterprises.326.2.1
system.sysUpTime.0 = Timeticks: (0) 0:00:00
system.sysContact.0 = OCTET STRING: ""
system.sysName.0 = OCTET STRING: "center2."
system.sysLocation.0 = OCTET STRING: ""
system.sysServices.0 = INTEGER: 72
interfaces.ifNumber.0 = INTEGER: 7
interfaces.ifTable.ifEntry.ifIndex.1 = INTEGER: 1
interfaces.ifTable.ifEntry.ifIndex.2 = INTEGER: 2
interfaces.ifTable.ifEntry.ifIndex.3 = INTEGER: 3
interfaces.ifTable.ifEntry.ifIndex.4 = INTEGER: 4
interfaces.ifTable.ifEntry.ifIndex.5 = INTEGER: 5
...
We are told the type and patchlevel of the system, we get a list of all interfaces (not shown) and we can even use SNMP to dump the complete routing tables. This is useful to remotely gather information about the topology of the target network and enables us to direct our attacks to the strategically valuable hosts. Together with data taken from the DNS as shown above we will be able to construct a complete network map for the target. If additional management modules are being installed, we get even more important data, such as management information about Oracle, SAP or other remotely controlled subsystems. SNMP is being used in many routers and in RMON network probes, too. If these are not secured properly, we are even able to get traffic measurements from the target.

 
 
>>> More Site Administration Articles          >>> More By Kristian Kohntopp
 

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort
   

SITE ADMINISTRATION ARTICLES

- Coding: Not Just for Developers
- To Support or Not Support IE?
- Administration: Networking OSX and Win 7
- DotNetNuke Gets Social
- Integrating MailChimp with Joomla: Creating ...
- Integrating MailChimp with Joomla: List Mana...
- Integrating MailChimp with Joomla: Building ...
- Integrating MailChimp with Joomla
- More Top WordPress Plugins for Social Media
- Optimizing Security: SSH Public Key Authenti...
- Patches and Rejects in Software Configuratio...
- Configuring a CVS Server
- Managing Code and Teams for Cross-Platform S...
- Software Configuration Management
- Back Up a Joomla Site with Akeeba Backup

Developer Shed Affiliates

 


Dev Shed Tutorial Topics: