Hardening Cisco Routers by Thomas Akin

Chapter 8. SNMP Security

The Simple Network Management Protocol (SNMP) is an extremely useful protocol for monitoring and managing TCP/IP networks. Most networked systems come with at least a basic SNMP service enabled by default, allowing you to collect information about your network remotely. If write access is enabled, SNMP can also be used to configure devices on your network remotely.

Since read-only SNMP is enabled by default on many systems, it is an attacker’s dream. An attacker can use SNMP to map out your entire network, find MAC and IP address bindings, and even find out exactly what hardware you are using and what software versions you are running. An attacker can then use that information to search vulnerability databases and analyze your network for vulnerable trust relationships.

The following example shows just how much information an attacker can gain about your router and network through unsecured SNMP. Using the Net-SNMP snmpwalk program to get the router’s system information through SNMP, you see:

% snmpwalk -v1 RouterOne public system
system.sysDescr.0 = Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-DO3S-M), Version 12.0(5)T1,  RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 17-Aug-99 13:18 by cmong
system.sysContact.0 = Jane Doe <jdoe@routerone.edu>  - Office BB 983 - x3334
system.sysName.0 = RouterOne
system.sysLocation.0 = Building A Basement - Closet 936

You now have the exact hardware and ...
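
To find this exposure on your own routers before anyone else does, the following added example (not code from the book) audits the `snmp-server community` lines of a saved IOS configuration for default community names, write access, and communities with no access list. The function name, the sample configuration, and the non-default community strings in it are constructed for illustration.

```python
import re

# Community names shipped as vendor defaults.
DEFAULT_NAMES = {"public", "private"}

# IOS syntax: snmp-server community <string> [view <name>] [RO|RW] [<acl>]
COMMUNITY_RE = re.compile(
    r"^snmp-server community (?P<name>\S+)"
    r"(?: view (?P<view>\S+))?"
    r"(?: (?P<mode>RO|RW))?"
    r"(?: (?P<acl>\S+))?\s*$",
    re.IGNORECASE,
)

def audit_snmp(config_text):
    """Return a list of (community, finding) tuples for an IOS config."""
    findings = []
    for line in config_text.splitlines():
        m = COMMUNITY_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        mode = (m.group("mode") or "RO").upper()  # IOS defaults to read-only
        if name.lower() in DEFAULT_NAMES:
            findings.append((name, "default community string"))
        if mode == "RW":
            findings.append((name, "write access enabled"))
        if m.group("acl") is None:
            findings.append((name, "no access list restricts source hosts"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname RouterOne
snmp-server community public RO
snmp-server community n3tm4nage RW 10
snmp-server community m0nit0r RO 10
snmp-server location Building A Basement - Closet 936
"""

if __name__ == "__main__":
    for community, finding in audit_snmp(SAMPLE_CONFIG):
        print(f"{community}: {finding}")
```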
