Vulnerabilities in SNMPv3
Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of c...
Main Author: | Lawrence, Nigel Rhea |
---|---|
Published: | Georgia Institute of Technology, 2012 |
Subjects: | |
Online Access: | http://hdl.handle.net/1853/44881 |
id |
ndltd-GATECH-oai-smartech.gatech.edu-1853-44881 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-GATECH-oai-smartech.gatech.edu-1853-44881 2013-01-07T20:39:33Z Vulnerabilities in SNMPv3 Lawrence, Nigel Rhea Georgia Institute of Technology 2012-09-20T18:23:25Z 2012-09-20T18:23:25Z 2012-07-10 Thesis http://hdl.handle.net/1853/44881 |
collection |
NDLTD |
sources |
NDLTD |
topic |
Vulnerability; Man-in-the-middle; MITM; Exploit; Weakness; Authoritative; Non-authoritative; USM; TSM; Rfc1443; 1443; Auth; Authentication; NMS; Manager; Management; Embedded; Computer networks Monitoring; Computer networks Management; Simple Network Management Protocol (Computer network protocol) |
description |
Network monitoring is a necessity for both reducing downtime and ensuring
rapid response in the case of software or hardware failure. Unfortunately, one of the
most widely used protocols for monitoring networks, the Simple Network Management
Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity
for these services. In this paper, we demonstrate two attacks against the most current
and secure version of the protocol with authentication and encryption enabled. In
particular, we demonstrate that under reasonable conditions, we can read encrypted
requests and forge messages between the network monitor and the hosts it observes.
Such attacks are made possible by an insecure discovery mechanism, which allows
an adversary capable of compromising a single network host to set the keys used by
the security functions. Our attacks show that SNMPv3 places too much trust on the
underlying network, and that this misplaced trust introduces vulnerabilities that can
be exploited. |
author |
Lawrence, Nigel Rhea |
title |
Vulnerabilities in SNMPv3 |
publisher |
Georgia Institute of Technology |
publishDate |
2012 |
url |
http://hdl.handle.net/1853/44881 |