96 Vulnerability Management
a password to “password” on a conventional host. Some scanners also
have the ability to cycle through the default community strings used
on a variety of devices. They will also sometimes have the ability to try
other community strings specified by the user. You could consider this
approach a brute-force attack on the SNMP configuration.
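
The same check can be run from the defender's side, against the agent's configuration instead of over the network. The sketch below is an added example, not code from the book: it assumes a Net-SNMP style `snmpd.conf`, flags the common community strings named on this page plus any user-supplied ones, and `audit_snmpd_conf` and the sample configuration are constructed for illustration.

```python
import shlex

# Common community strings named on this page.
DEFAULT_COMMUNITIES = {"public", "private", "secret"}
# Net-SNMP snmpd.conf directives that take the community as first argument.
DIRECT = {"rocommunity": "read-only", "rwcommunity": "read-write",
          "rocommunity6": "read-only", "rwcommunity6": "read-write"}

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
# snmpd.conf (constructed)
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity n0t-a-default 192.0.2.10
com2sec readonly default Secret   # case variant of a default
com2sec -Cn ctx1 ops 192.0.2.0/24 monitoring
syslocation "rack 4"
"""

def audit_snmpd_conf(text, extra=()):
    """Return (line_no, directive, community, access, source) per weak entry."""
    # Compare case-insensitively so variants such as "Public" are flagged too.
    weak = DEFAULT_COMMUNITIES | {c.lower() for c in extra}
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        try:
            tokens = shlex.split(raw, comments=True)  # drops '#' comments
        except ValueError:
            continue  # unbalanced quote: not a line this audit can parse
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in DIRECT and args:
            community, access = args[0], DIRECT[directive]
            # With SOURCE omitted the agent answers requests from any address.
            source = args[1] if len(args) > 1 else "any"
        elif directive in ("com2sec", "com2sec6"):
            if args[:1] == ["-Cn"]:
                args = args[2:]  # skip the optional context argument
            if len(args) < 3:
                continue
            source, community = args[1], args[2]
            access = "per group/access lines"
        else:
            continue
        if community.lower() in weak:
            findings.append((line_no, directive, community, access, source))
    return findings
```

Calling `audit_snmpd_conf(SAMPLE_CONF, extra=["monitoring"])` also reports line 6, mirroring the scanner option to try user-specified strings.
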
Using a hierarchical structure known as a management information
base (MIB), information about the target is requested. All kinds
of information can be requested, some of it unique to a vendor. Many
installations have SNMP enabled by default, and therefore accept
requests and expose information. The more common community strings
are “public,” “private,” and “secret.” There are also ...