The network using Simple Network Management Protocol (SNMP) is threatened by hacker intrusion. Without any indication, intruders can take over your network and control the network communication flow, or disrupt normal transactions in the network. Fortunately, the solution to this problem has been published. Although the implementation process is monotonous, the process of fixing the vulnerability is quite simple.
SNMP is a standard management protocol in TCP/IP networks. It allows various devices and software in the network, including switches, routers, firewalls, hubs, and even operating systems, Server products and components, can communicate with management software to report its current behavior and status. However, SNMP can also be used to control these devices and products, redirect communication streams, change the priority of communication packets, or even disconnect communication. In short, intruders can take over your network if they have the corresponding capabilities.
To protect the network, follow these steps. First, to ensure network security, disable SNMP before installing patches provided by network devices and software vendors. You must carefully check the routers and switches running SNMP on each network, the Hub and server, and whether or not the SNMP of each application software is disabled.
Step 2: download and install patches for all devices and software before enabling SNMP. Program . Cisco is a vendor that has made 85% of network hardware devices. Today it has promised to fix this vulnerability. In addition, some vendors have released patches for this vulnerability.
Step 3: Make sure that the firewall has been set to block SNMP access from the Internet to the Intranet. Note that SNMP may be enabled for the firewall. Therefore, make sure that the firewall has installed the corresponding patch. To block SNMP access from the Internet to the Intranet, the Sans Institute recommends that you disable access from the Internet to TCP and UDP ports 161 and 162 on the Intranet. For Cisco products, access to intranet UDP port 1993 from the Internet should also be disabled. If your enterprise also has network devices outside the firewall, and these devices must use SNMP (such as an Internet Router), make sure that the corresponding patches are installed on these devices.
Note that not only hardware devices have such SNMP vulnerabilities. Windows (excluding XP), Linux, some versions of UNIX, some mail servers and commercial servers, and some administrative tools including HP OpenView and CA Unicenter also have this vulnerability. This means that if you normally use a network management tool to monitor and control the network, before all devices and Applications install patches for this vulnerability, you may have to manually monitor the network.
On the other hand, if you can ensure that the firewall settings are correct and the firewall itself has no vulnerabilities, you may spend less time. However, you should also monitor all the devices and software behind the firewall, as well as the firewall itself, to ensure that your network is not the target of intruders, and to ensure that every possible internet access point is protected by the firewall.
Here is a patch.
Http://www.microsoft.com/technet/security/bulletin/ms02-006.mspx
I believe that when we use X-scan, the weak SNMP password is always public, but few people pay attention to it and do not know how to use it. Now let's talk about its purpose, he can leak a lot of host information
Tool to use the [snmputil] http://www.patching.net/abu/tools/win/snmputil.exe
Collective commands run in DOS. I wrote out the commands that are important.
Snmputil walk peer IP Public. 1.3.6.1.2.1.25.4.2.1.2 List System Processes
Snmputil walk peer IP Public. 1.3.6.1.4.1.77.1.2.25.1.1 list of system users
Snmputil get peer IP Public. 1.3.6.1.4.1.77.1.4.1.0 list domain names
Snmputil walk peer IP Public. 1.3.6.1.2.1.25.6.3.1.2 List Installed Software
Snmputil walk peer IP Public. 1.3.6.1.2.1.1 list system information