Simple Network Management Protocol (SNMP) is used for remote monitoring and management of hosts, routers, switches, or any other device connected to the network. SNMP works on 161/UDP and SNMP Trap on 162/UDP.
By default SNMP comes with two community strings:
public (read only access)
private (read/write access)
Community strings or usernames with read only access rights can also be used to scan a machine remotely for open TCP/UDP ports. The community string which I am using is "mysnmp" with read/write permissions.
The snapshot below shows the process/service names running on the machine.
Generally we use Nmap to scan a remote machine for open TCP or UDP ports. Most IDS/IPS products might detect such scans and raise an alert. An SNMP scan might evade the IDS/IPS because we are sending legitimate SNMP requests to the remote device.
Remove unnecessary MIBs which are not being used.
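Because these requests look legitimate to a generic IDS/IPS, detection has to key on which OIDs are being read. The following is an added example, not code from the original post: it flags sources that walk the standard tcpConnTable, udpTable or hrSWRunTable subtrees and notes use of the default community strings; the log line format and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Standard MIB-2 / HOST-RESOURCES subtrees that reveal ports and processes.
SENSITIVE_SUBTREES = {
    "1.3.6.1.2.1.6.13": "tcpConnTable",
    "1.3.6.1.2.1.7.5": "udpTable",
    "1.3.6.1.2.1.25.4.2": "hrSWRunTable",
}
DEFAULT_COMMUNITIES = {"public", "private"}

# Assumed (constructed) sensor log format:
#   <time> <src> -> <dst> <pdu-type> community=<string> oid=<dotted oid>
LINE_RE = re.compile(r"^\S+ (\S+) -> (\S+) \S+ community=(\S+) oid=([\d.]+)$")

# Constructed sample input; addresses are from documentation ranges.
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 192.0.2.20 -> 198.51.100.5 get community=public oid=1.3.6.1.2.1.1.3.0
2024-01-01T10:00:05Z 192.0.2.10 -> 198.51.100.5 get-next community=mysnmp oid=1.3.6.1.2.1.6.13
2024-01-01T10:00:05Z 192.0.2.10 -> 198.51.100.5 get-next community=mysnmp oid=1.3.6.1.2.1.6.13.1.1.0.0.0.0.22.0.0.0.0.0
2024-01-01T10:00:06Z 192.0.2.10 -> 198.51.100.5 get-next community=mysnmp oid=1.3.6.1.2.1.6.13.1.1.0.0.0.0.80.0.0.0.0.0
2024-01-01T10:00:07Z 192.0.2.10 -> 198.51.100.5 get-next community=mysnmp oid=1.3.6.1.2.1.7.5.1.1.0.0.0.0.161
""".splitlines()

def in_subtree(oid, root):
    # Compare whole arcs so that ...6.130 is not mistaken for ...6.13.
    return oid == root or oid.startswith(root + ".")

def analyze(lines, min_requests=3):
    """Return (walk alerts, sources seen using a default community)."""
    walks = defaultdict(int)       # (src, dst, table) -> request count
    defaults = defaultdict(set)    # src -> default communities used
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # not in the assumed format
        src, dst, community, oid = m.groups()
        if community in DEFAULT_COMMUNITIES:
            defaults[src].add(community)
        for root, table in SENSITIVE_SUBTREES.items():
            if in_subtree(oid, root):
                walks[(src, dst, table)] += 1
    alerts = sorted(k + (n,) for k, n in walks.items() if n >= min_requests)
    return alerts, {src: sorted(c) for src, c in defaults.items()}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

An authorised monitoring station that polls these tables will match as well, so the alerts are meant to be compared against the list of known managers.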