Home » Security Bloggers Network » Ethical hacking: SNMP recon

Ethical hacking: SNMP recon

by Lester Obbayi on March 31, 2020

Introduction

In this article, we will discuss the various methods one could take to perform reconnaissance on the SNMP protocol. As you may know, SNMP reveals too much information about targets that might result in attackers compromising a target network. Today, we’ll explore the available tools that one can use to query information on targets.

Overview of SNMP

There are numerous protocols available today, and SNMP is one of the least understood. SNMP allows us to manage computers and network devices.

SNMP is stateless and is datagram-oriented. It allows one to manage computers within the network. The managed computers will have an agent that communicates with the manager computer. These agents will send information to the manager, which will be stored in a database known as the Management Information Base (MIB), which is a hierarchical organization of the information collected on every SNMP device within the network.

This juicy information is invaluable for hackers that are going for SNMP information within the network. Hackers are able to target this database for information on hosts on the network, such as:

Users: This can be able to describe the number of user accounts and their names. User groups and account creation information can also be obtained using SNMP
Software installed: The installed software list can be easily obtained from the target machine easily using SNMP. This can be extremely valuable when determining the versions of installed software for a more targeted attack
Open ports: Hackers can be able to determine open ports with more stealth by querying SNMP information rather than conducting an active scan that might give them away to system admins and others

SNMP communication takes place with Protocol Data Units (PDUs), of which there are several different types. These include: