Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SNMP v1 and later versions vulnerabilities?

Posted on 2006-10-30
2
Medium Priority
?
510 Views
Last Modified: 2010-04-11
Can you please tell me the vulnerabilities in SNMP v1 and later versions, i cant get a detailed paper on SNMP vulnerabilities only in detail, they just use to describe the protocol in detail and tell in 2 or 3 lines the vulnerabilities in it. I want detail on the attacks so i can defend more accurately.
0
Comment
Question by:shairankhan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 17836539
Aside from various implementation problems like buffer overflows, the underlying protocol issues are as follows:

SNMPv1: essentially does no authentication

SNMPv2: uses Community Strings for authentication, which are sent over the net in the clear where anyone can pick them up and reply them. Also all clients use the same Community String, so they all have the same level of access (other than really coarse level of read-write vs. read-only)

SNMPv3: Replaces Community Strings with shared cryptographic secrets so at least they can't be replayed.
0
 
LVL 3

Accepted Solution

by:
mahe2000 earned 500 total points
ID: 17842868
a couple of comments to what chris calabrese said, in snmp v2 you usually have two kind of access with different communities on for read-only access (usually "public" community but it can be changed) and one for write access (usually "private" community but it can be changed).

in snmp version 3 you can set up what you want your users can access.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out what's been happening in the Experts Exchange community.
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question