What To Do About SNMP Vulnerabilities

Now that news of security vulnerabilities in SNMP has reached miscreants as well as the rest of the world, it is paramount that network managers secure their borders as soon as possible. Learn what steps you should take in this article.

By  Jim Freund | Feb 15, 2002

Who knew? The Simple Network Management Protocol (SNMP) has been around for a very long time -- the early 80's, in fact. But now CERT, SANS, the Oulu University Secure Programming Group (OUSPG) in Finland, and other major security analysts have reported that there have always been multiple vulnerabilities in many implementations of SNMP version 1.

SNMP is used to manage and monitor all sorts of equipment including computers, core router switches, broadband devices, printers, and sniffers. The protocol works by sending Protocol Data Units (PDUs) to different parts of the network. Agents, which are SNMP-compliant devices, store data about themselves in Management Information Bases (MIBs) and return this data to the SNMP requesters.

SNMP supports five different types of messages:

  • GetRequest
  • SetRequest
  • GetNextRequest
  • GetResponse
  • Trap

The flaws exist in both trap and request handling.
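
Added example (not from the original article): a strict parser for the SNMPv1 message header that names which of the five message types a datagram carries and rejects inconsistent length fields, the kind of check a filter or sensor placed in front of unpatched agents can apply. The tag values come from RFC 1157; the function names and the sample packets are constructed for illustration.

```python
# SNMPv1 PDU tags (RFC 1157): context-specific, constructed, numbers 0-4.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
MAX_DATAGRAM = 65507  # largest UDP payload over IPv4


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end), bounds-checking every step."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if length > MAX_DATAGRAM or pos + length > len(buf):
        raise ValueError("length exceeds datagram")
    return tag, pos, pos + length


def classify_snmpv1(datagram):
    """Return (community, pdu_name) or raise ValueError if malformed."""
    tag, start, end = read_tlv(datagram, 0)
    if tag != 0x30 or end != len(datagram):
        raise ValueError("outer SEQUENCE missing or trailing bytes")
    tag, vs, ve = read_tlv(datagram, start)
    if tag != 0x02 or datagram[vs:ve] != b"\x00":   # version field 0 = SNMPv1
        raise ValueError("not SNMP version 1")
    tag, cs, ce = read_tlv(datagram, ve)
    if tag != 0x04:
        raise ValueError("community is not an OCTET STRING")
    tag, _, pe = read_tlv(datagram, ce)
    if tag not in PDU_TYPES or pe != end:
        raise ValueError("unknown PDU type or inconsistent PDU length")
    return datagram[cs:ce].decode("latin-1"), PDU_TYPES[tag]


# Constructed sample: GetRequest with community "public".
GOOD = bytes.fromhex("3026 020100 0406 7075626c6963 a019 020101 020100 020100"
                     " 300e 300c 0608 2b06010201010100 0500")
# Constructed malformed variant: outer length field claims about 4 GiB.
BAD = GOOD[:1] + b"\x84\xff\xff\xff\xff" + GOOD[2:]
```

Calling `classify_snmpv1(GOOD)` returns the community string and message type, while `classify_snmpv1(BAD)` raises `ValueError` before any value bytes are read.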

There has been some discussion about what network managers should do, given that several major brands of firewalls utilize SNMP and may therefore be vulnerable themselves. Prudence would seem to dictate that, until the appropriate patches are applied, those ports which use SNMP should be shut down for the nonce.


CERT has published a vendor-by-vendor listing that indicates whether or not each vendor's implementation is vulnerable, along with the date of its latest patch. Now that the cat is out of the bag, and those who would break into systems are aware of these flaws, it is paramount that network managers apply these patches ASAP.

Double-check that your firewalls are filtering out unauthorized SNMP data traffic, and consider disabling equipment that uses SNMP services for which patches are not yet available.

--
For some time now, there has been a movement to define a new, more robust set of protocols called SNMP 2 that would provide additional information, but adoption has been slow. However, for reasons unrelated to these recent reports, there may be life for this new proposed standard. We'll have the story on that next week.
