Wednesday, July 25, 2012

Port/Service Scanning using SNMP

Simple Network Management Protocol (SNMP) is used for remote monitoring and managing of hosts, routers, switches or any device connected to network SNMP works on 161/UDP, SNMP Trap on 162/UDP.

By default SNMP comes with two community strings
        public (read only access)
        private (read/write access)

Community strings or User names  with read only access rights can also be used to Scan a machine remotely for open TCP/UDP ports. The community string which I am using is "mysnmp" with read/write permissions.

Below snapshot gives information about process/service names running on the machine.

Evading IDS/IPS
Generally we use NMAP for scanning a remote machine to figure out open TCP or UDP ports. Most of the IDS/IPS might detect the Scans and flag an alert. SNMP scan might evade IDS/IPS because we are sending a legitimate SNMP request to remote devices.

Remove unnecessary MIBs which are not being used.

Other articles which might be of interest

Enjoy !!!