SNMP-server ACL
inscom.brigade
Member Posts: 400 ■■■□□□□□□□
in Off-Topic
hey guys
I am doing a ground up solarwinds deployment.
my internal network is up and now I want to set up my border router and bring in the regions.
I am not finding much info about SNMP access lis
Comments
inscom.brigade Member Posts: 400 ■■■□□□□□□□
hey guys
I am doing a ground up solarwinds deployment.
my internal network is up and now I want to set up my border router and bring in the regions.
I am not finding much info about SNMP access list
anyone have any good reading on this or could provide some guidance?
shochan Member Posts: 1,014 ■■■■■■■■□□
From what I have read (see below), your default SNMP community strings (public & private) should be changed to a different name, IF using SNMP v1 or v2... It would probably be best to just disable those older versions & enable SNMP v3 which will require pw & encrypt community strings if queried on your network.
Here is some info pulled from a book I am reading - Another enumerating technique across the board is attempting to take advantage of Simple Network Management Protocol (SNMP). SNMP was designed to manage IP-enabled devices across a network. As a result, if it is in use on the subnet, you can find out loads of information with properly formatted SNMP requests. Later versions of SNMP make this a little more difficult, but plenty of systems are still using the protocol in version 1.
SNMP works much like a dispatch center. A central management system set up on the network will make requests of SNMP agents on the devices. These agents respond to the requests by going to a big virtual filing cabinet on each device called the Management Information Base (MIB). The MIB holds all sorts of information, and it’s arranged with numeric identifiers (called object identifiers [OIDs]) from general information to the very specific. The request points out exactly what information is requested from the MIB installed on that device, and the agent responds with only what is asked. MIB entries can identify what the device is, what operating system is installed, and even usage statistics. In addition, some MIB entries can be used to actually change configuration settings on a device. When the SNMP management station asks a device for information, the packet is known as an SNMP GET Request. When it asks the agent to make a configuration change, the request is an SNMP SET Request.
SNMP uses a community string as a form of password. The read-only version of the community string allows a requester to read virtually anything SNMP can drag out of the device, whereas the read-write version is used to control access for the SNMP SET requests. Two major downsides are involved in the use of both these community string passwords. First, the defaults, which are all active on every SNMP-enabled device right out of the box, are ridiculously easy. The read-only default community string is public, whereas the read-write string is private. Assuming the network administrator left SNMP enabled and/or did not change the default strings, enumerating with SNMP is a snap.
Note
There are a couple of other quick notes worth bringing up with SNMP. First, SNMP enumeration doesn’t work as well with later versions. SNMP version 3 encrypts the community strings, which makes enumeration harder. Second, although public and private are the default strings, some devices are configured to use other strings by default. It might be worthwhile researching them before you begin your efforts.
The second problem with the strings is that they are sent in clear text. So, even if the administrators took the time to change the default community strings on all devices (and chances are better than not they’ll miss a few here and there), all you’ll need to do to grab the new strings is watch the traffic—you’ll eventually catch them flying across the wire. Tools you can use to enumerate with SNMP include SNMPUtil, OpUtils 5, and IP Network Browser (SolarWinds).
CompTIA A+, Network+, i-Net+, MCP 70-210, CNA v5, Server+, Security+, Cloud+, CySA+, ISC² CC, ISC² SSCP
Hondabuff Member Posts: 667 ■■■□□□□□□□
You just need to set up your RO/RW community strings on your devices and use those passwords when you're doing a network scan in NPM under SNMP settings in the Scan wizard. I also use my SW server as a logging server. Don't forget to enable traps under your devices.
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
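A small audit of the RO/RW community strings and SNMP access lists discussed in this thread, added here as an example and not posted by any participant. It assumes Cisco IOS-style `snmp-server community` syntax in its IPv4 form (the thread does not name the router vendor); the sample configuration, the community names and the address 10.0.0.50 are constructed.

```python
import re

# Assumed syntax (Cisco IOS style, IPv4 form only):
#   snmp-server community <string> [view <name>] [ro|rw] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<string>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<mode>ro|rw))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)
DEFAULT_STRINGS = {"public", "private"}


def audit_snmp(config: str) -> list[tuple[str, str]]:
    """Return (community, finding) pairs for weak SNMP v1/v2c community lines."""
    findings = []
    for raw in config.splitlines():
        m = COMMUNITY_RE.match(raw.strip())
        if not m:
            continue  # not a community line (or a form this example does not parse)
        name = m["string"]
        mode = (m["mode"] or "ro").lower()  # read-only when the keyword is omitted
        if name.lower() in DEFAULT_STRINGS:
            findings.append((name, "default community string"))
        if m["acl"] is None:
            findings.append((name, "no ACL: any source address may query"))
        if mode == "rw":
            findings.append((name, "read-write: allows SNMP SET requests"))
    return findings


# Constructed sample configuration; 10.0.0.50 stands in for the monitoring server.
SAMPLE_CONFIG = """\
access-list 10 permit host 10.0.0.50
snmp-server community public ro
snmp-server community private rw
snmp-server community Xk4-monitor ro 10
snmp-server community Xk4-manage rw 10
"""

if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```

An ACL limits which hosts may query the agent but does not change the fact that v1/v2c community strings cross the wire in clear text.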