GEN:SID | 1:1413 |
Message | SNMP private access udp |
Summary | This event is generated when an SNMP connection over UDP using the default 'private' community is made.
|
Impact | Information gathering
|
Detailed Information | SNMP (Simple Network Management Protocol) v1 uses communities and IP addresses to authenticate communication between the SNMP client and SNMP daemon. Many SNMP implementations come pre-configured with 'public' and 'private' communities. If these are not disabled, the attacker can gather a great deal of information about the device running the SNMP daemon.
|
Affected Systems | Devices running SNMP daemons with 'public' community enabled.
|
Attack Scenarios | An attacker scans a range of IPs for SNMP servers having the 'public' community set and gathers information about the hosts.
|
Ease of Attack | Simple.
|
Corrective Action | Disable the 'public' and 'private' communities before connecting the device with SNMP on the Internet or block access to SNMP ports using a packet filtering firewall for unauthorized addresses.
|
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0013 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0012 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0517
|
Rule References | bugtraq: 4088
bugtraq: 4089
bugtraq: 4132
bugtraq: 7212
cve: 2002-0012
cve: 2002-0013
|