Vulnerabilities in SNMPv3

Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of c...

Full description

Bibliographic Details
Main Author: Lawrence, Nigel Rhea
Published: Georgia Institute of Technology 2012
Subjects:
USM
TSM
NMS
Online Access:http://hdl.handle.net/1853/44881
id ndltd-GATECH-oai-smartech.gatech.edu-1853-44881
record_format oai_dc
spelling ndltd-GATECH-oai-smartech.gatech.edu-1853-448812013-01-07T20:39:33ZVulnerabilities in SNMPv3Lawrence, Nigel RheaVulnerabilityMan-in-the-middleMITMExploitWeaknessAuthoritativeNon-authoritativeUSMTSMRfc14431443AuthAuthenticationNMSManagerManagementEmbeddedComputer networks MonitoringComputer networks ManagementSimple Network Management Protocol (Computer network protocol)Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity for these services. In this paper, we demonstrate two attacks against the most current and secure version of the protocol with authentication and encryption enabled. In particular, we demonstrate that under reasonable conditions, we can read encrypted requests and forge messages between the network monitor and the hosts it observes. Such attacks are made possible by an insecure discovery mechanism, which allows an adversary capable of compromising a single network host to set the keys used by the security functions. Our attacks show that SNMPv3 places too much trust on the underlying network, and that this misplaced trust introduces vulnerabilities that can be exploited.Georgia Institute of Technology2012-09-20T18:23:25Z2012-09-20T18:23:25Z2012-07-10Thesishttp://hdl.handle.net/1853/44881
collection NDLTD
sources NDLTD
topic Vulnerability
Man-in-the-middle
MITM
Exploit
Weakness
Authoritative
Non-authoritative
USM
TSM
Rfc1443
1443
Auth
Authentication
NMS
Manager
Management
Embedded
Computer networks Monitoring
Computer networks Management
Simple Network Management Protocol (Computer network protocol)
spellingShingle Vulnerability
Man-in-the-middle
MITM
Exploit
Weakness
Authoritative
Non-authoritative
USM
TSM
Rfc1443
1443
Auth
Authentication
NMS
Manager
Management
Embedded
Computer networks Monitoring
Computer networks Management
Simple Network Management Protocol (Computer network protocol)
Lawrence, Nigel Rhea
Vulnerabilities in SNMPv3
description Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity for these services. In this paper, we demonstrate two attacks against the most current and secure version of the protocol with authentication and encryption enabled. In particular, we demonstrate that under reasonable conditions, we can read encrypted requests and forge messages between the network monitor and the hosts it observes. Such attacks are made possible by an insecure discovery mechanism, which allows an adversary capable of compromising a single network host to set the keys used by the security functions. Our attacks show that SNMPv3 places too much trust on the underlying network, and that this misplaced trust introduces vulnerabilities that can be exploited.
author Lawrence, Nigel Rhea
author_facet Lawrence, Nigel Rhea
author_sort Lawrence, Nigel Rhea
title Vulnerabilities in SNMPv3
title_short Vulnerabilities in SNMPv3
title_full Vulnerabilities in SNMPv3
title_fullStr Vulnerabilities in SNMPv3
title_full_unstemmed Vulnerabilities in SNMPv3
title_sort vulnerabilities in snmpv3
publisher Georgia Institute of Technology
publishDate 2012
url http://hdl.handle.net/1853/44881
work_keys_str_mv AT lawrencenigelrhea vulnerabilitiesinsnmpv3
_version_ 1716475780369743872