Location of Repository

Vulnerabilities in SNMPv3

By Nigel Rhea Lawrence

Abstract

Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity for these services. In this paper, we demonstrate two attacks against the most current and secure version of the protocol with authentication and encryption enabled. In particular, we demonstrate that under reasonable conditions, we can read encrypted requests and forge messages between the network monitor and the hosts it observes. Such attacks are made possible by an insecure discovery mechanism, which allows an adversary capable of compromising a single network host to set the keys used by the security functions. Our attacks show that SNMPv3 places too much trust on the underlying network, and that this misplaced trust introduces vulnerabilities that can be exploited.MSCommittee Chair: Patrick Traynor; Committee Member: Ahamad, Mustaque; Committee Member: Giffin, Jo

Topics: Vulnerability, Man-in-the-middle, MITM, Exploit, Weakness, Authoritative, Non-authoritative, USM, TSM, Rfc1443, 1443, Auth, Authentication, NMS, Manager, Management, Embedded, Computer networks Monitoring, Computer networks Management, Simple Network Management Protocol (Computer network protocol)
Publisher: Georgia Institute of Technology
Year: 2012
OAI identifier: oai:smartech.gatech.edu:1853/44881
Download PDF:
Sorry, we are unable to provide the full text but you may find it at the following location(s):
  • http://hdl.handle.net/1853/448... (external link)
  • Suggested articles


    To submit an update or takedown request for this paper, please submit an Update/Correction/Removal Request.