Introduction to the SNMP protocol

The SNMP protocol was developed in the early 1990s s to simplify device management and data acquisition in large networks. Many Network-related software packages, such as HP's OpenView and Nortel Networks's Optivity Network Management System, as well as Multi Router Traffic GrapherMRTG and other free software, SNMP is used to simplify network management and maintenance.

Because the SNMP protocol works very well, network hardware vendors began to add the SNMP protocol to each device they created. Today, all kinds of network devices can see the default enabled SNMP service, from the switch to the router, from the firewall to the network printer, no exception.

The problem is that SNMP protocols installed by many vendors use default communication strings, such as passwords ), these communication strings are essential for the program to obtain device information and modify the configuration. The advantage of using the default communication string is that software on the network can directly access the device without complicated configuration.

The communication string mainly contains two types of commands: GET command and SET command. The GET command reads data from a device, which is usually an operation parameter, such as the connection status and interface name. The SET command allows you to SET certain parameters of a device. This type of function is generally restricted, for example, disabling a certain? Why is Mu phenol good? Skirt Delta limit 5? Evenly distributed packet ET and SET commands may all be used for DoS attacks) and maliciously modifying network parameters.

The most common default communication strings are public-read-only and private-read/write). In addition, there are many default communication strings private by the vendor. Some form of default communication string can be found on almost all network devices running the SNMP protocol.

The security mechanisms of SNMP 2.0 and SNMP 1.0 are weak, and communication is not encrypted. All communication strings and data are sent in plaintext. Once attackers capture network communication, they can use various sniffer tools to directly obtain the communication string, even if the user changes the default value of the Communication string.

In recent years, SNMP 3.0 solves some problems. To protect communication strings, SNMP 3.0 uses the DESData Encryption Standard) Algorithm to encrypt data communication. In addition, SNMP 3.0 can also use MD5 and SHASecure Hash Algorithm) technology to verify the node identifier, this prevents attackers from impersonating a management node to operate the network. For more information about SNMP 3.0, see http://www.ietf.org/rfc/rfc2570.txt.

Although SNMP 3.0 has been around for a while, it has not been widely used yet. If the device was a product two or three years ago, it is likely that SNMP 3.0 is not supported at all. Even some newer devices only support SNMP 2.0 or SNMP 1.0.

Even if the device already supports SNMP 3.0, many vendors still use standard communication strings, which are not a secret to hacker organizations. Therefore, although SNMP 3.0 provides more security features than earlier versions, the actual effect is still limited if it is improperly configured.