Simple Network Management Protocol (SNMP) is used for remote
monitoring and management of hosts, routers, switches or any device
connected to a network. SNMP works on 161/UDP, SNMP Trap on 162/UDP.
By default SNMP comes with two community strings:
public (read only access)
private (read/write access)
Community strings or user names with read-only access rights can also be used to scan a machine remotely for open TCP/UDP ports. The community string which I am using is "mysnmp" with read/write permissions.
The snapshot below gives information about the process/service names running on the machine.
Evading IDS/IPS
Generally we use Nmap to scan a remote machine for open TCP or UDP ports. Most IDS/IPS products might detect such scans and raise an alert. An SNMP scan might evade IDS/IPS because it sends legitimate SNMP requests to the remote device.
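Because these are ordinary SNMP requests, a sensor has to key on what they ask for rather than on scan-like traffic patterns. The following added example (not from the original post) decodes an SNMP v1/v2c request and flags default community strings and queries into the tables that list ports and processes; the watchlist OIDs, function names and sample packet are assumptions of this example.

```python
DEFAULT_COMMUNITIES = {"public", "private"}  # defaults named in the article
# Watchlist chosen for this example (standard MIB-II / HOST-RESOURCES-MIB subtrees).
WATCHED = {"1.3.6.1.2.1.6.13": "tcpConnTable (TCP ports)",
           "1.3.6.1.2.1.7.5": "udpTable (UDP ports)",
           "1.3.6.1.2.1.25.4.2": "hrSWRunTable (processes)"}

def tlv(buf, i):
    """Read one BER tag-length-value at offset i; return (tag, value, next offset)."""
    tag, length, i = buf[i], buf[i + 1], i + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, i = int.from_bytes(buf[i:i + n], "big"), i + n
    if i + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[i:i + length], i + length

def decode_oid(raw):
    """Decode a BER OBJECT IDENTIFIER body into dotted notation."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def inspect(packet):
    """Return (community, requested OIDs, alerts) for one SNMP v1/v2c request."""
    _, msg, _ = tlv(packet, 0)            # outer SEQUENCE
    _, _, i = tlv(msg, 0)                 # version
    _, community, i = tlv(msg, i)         # community string (sent in cleartext)
    _, pdu, _ = tlv(msg, i)               # Get / GetNext / GetBulk PDU
    i = 0
    for _ in range(3):                    # skip the three integer header fields
        _, _, i = tlv(pdu, i)
    varbinds, oids, i = tlv(pdu, i)[1], [], 0
    while i < len(varbinds):              # each varbind is SEQUENCE { OID, value }
        _, varbind, i = tlv(varbinds, i)
        oids.append(decode_oid(tlv(varbind, 0)[1]))
    community = community.decode("ascii", "replace")
    alerts = ["default community string"] if community in DEFAULT_COMMUNITIES else []
    for oid in oids:
        alerts += ["query into " + label for prefix, label in WATCHED.items()
                   if (oid + ".").startswith(prefix + ".")]
    return community, oids, alerts

# Constructed sample: v2c GetNextRequest for 1.3.6.1.2.1.6.13, community "mysnmp".
SAMPLE = bytes.fromhex("3025020101" "04066d79736e6d70" "a118" "020101" "020100"
                       "020100" "300d300b" "06072b06010201060d" "0500")
```

Calling `inspect(SAMPLE)` returns the community, the requested OID and one alert for the TCP connection table. SNMPv3 messages have a different layout and are out of scope for this parser.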
Protection
Remove unnecessary MIBs which are not being used.
Enjoy !!!