SimpleSleuth™ SNMP Vulnerability Probe
Overview
The Simple Network Management Protocol (SNMP) is extensively used in today’s networks to provide configuration and monitoring for a wide variety of networked devices. Core Internet Gateways to small information appliances continue to use SNMP for their network management needs.
SimpleSleuth, is an easy-to-use, Windows-based test tool that probes for vulnerabilities in SNMP implementations. Using this tool, you can:
- Check if the devices in your network are vulnerable to a “denial-of-service” attack using SNMP.
- Check if a vendor’s patch actually fixes previously known vulnerabilities and does not introduce new ones.
The CERT advisory, dated February 12, 2002(CA-2002-03), showed that products from a wide variety of vendors were susceptible to “denial-of-service” attacks, when these implementations were made to process invalid SNMP packets.
More recently, on April 20, 2004, a Technical Cyber Security Alert – TA04-111B, was issued which indicated that Cisco routers and switches were vulnerable to a DOS attack when processing SNMP requests on trap/inform response ports.
SimpleSleuth, with its associated test modules, sends thousands of invalid packets to the SNMP implementation under test and checks if the implementation is able to handle them without failure. Since the SNMP protocol uses the ASN.1 BER (Basic Encoding Rules) to encode SNMP packets, the invalid packets sent by SimpleSleuth typically fall into two categories:
- badly encoded packets
- bad value packets that are correctly encoded.
This allows the different components within an SNMP implementation that decode packets and then process them, to be checked for vulnerabilities.
SimpleSleuth provides an easy to use interface that simplifies vulnerability testing and enables users to specify the type of test packets to send and then pin-points the packet that caused the vulnerability. Its modular architecture maximizes ROI by allowing users to purchase only the needed test suite modules. Six test moudles are available:
To Test Agent Implementations:
- SNMPv1 Agent Test Module
- SNMPv2c Agent Test Module
- SNMPv3 Agent Test Module
To Test Manager Implementations:
- SNMPv1 Manager Test Module
- SNMPv2c ManagerTest Module
- SNMPv3 Manager Test Module
The SNMPv1 Agent Test Module includes more than 189,000 malformed SNMPv1 test packets that exercise the SNMPv1 GET, GETNEXT and SET operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets.
The SNMPv2c Agent Test Module includes more than 272,000 malformed SNMPv2c test packets that exercise the SNMPv2c GET, GETNEXT, SET and GETBULK operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets.
The SNMPv3 Agent Test Module includes more than 443,000 malformed SNMPv3 test packets that exercise the SNMPv3 GET, GETNEXT, SET and GETBULK operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets. SimpleSleuth supports SNMPv3 discovery to learn the corresponding engine ids and creates packets accordingly.
The SNMPv1 Manager Test Module includes over 200,000 SNMPv1 TRAP and GET RESPONSE packets. Like the SNMPv1 Agent Module, it too sends badly encoded and bad values packets, but to a management application. The traps can be sent to any SNMP Trap/Event application, while the SNMPv1 RESPONSE packets require a SNMP Manager to initiate an SNMP query (like a discovery query).
The SNMPv2c Manager Test Module includes over 451,000 SNMPv2c TRAP and GET RESPONSE packets. It also sends badly encoded and bad values packets, but to a SNMPv2c management application. The traps can be sent to any SNMP Trap/Event application, while the SNMPv2c RESPONSE packets require a SNMPv2c Manager to initiate an SNMP query (like a discovery query).
The SNMPv3 Manager Test Module includes over 500,000 SNMPv3 Trap and Inform packets and over 500,000 GET RESPONSE and REPORT packets. It also sends badly encoded and bad values packets, but to a SNMPv3 management application. The traps and informs can be sent to any SNMP Trap/Event application, while the SNMPv3 RESPONSE and REPORT packets require a SNMPv3 Manager to initiate an SNMP query (like a discovery query).
In addition to the user interface, the SimpleSleuth can also be run in an unattended mode by specifying the tests to be conducted in a command file.
Operation
Only a few simple steps are required to test an SNMP implementation. They are:
- Configure the settings. Valid defaults are already set.
- Select the tests to be run or ALL.
- Specify the IP address of the device under test, and click on start.
Detailed results are stored in associated files that pin-point vulnerabilities.
Benefits
- Improve security and reliability of both your network devices and your management applications.
- Quickly check implementations for SNMP vulnerabilities to DoS attacks.
- Verify if vendor’s patches fix vulnerabilities and do not introduce new ones.
Features
- Easy-to-use GUI allows you select different types of tests.
- Test packets are dynamically created and configurable to match your environment.
- Check agent vulnerabilities to malicious attacks by sending badly encoded and bad valued SNMP packets.
- Tests can be configured to check agent status after each bad packet transmission.
- Check management application vulnerabilities to malicious attacks and rogue agents by sending bad TRAPs and GET RESPONSES.
- Supports both IPv4 and IPv6.
Supported IETF RFC’s
SNMPv1
- RFC 1157 - Simple Network Management Protocol
SNMPv2
- RFC 1901 - Community-based SNMPv2
- RFC 3416 - Protocol Operations for SNMPv2
- RFC 3417 - Transport Mappings for SNMP
- RFC 1908 - SNMPv1 and SNMPv2 Coexistence
SNMPv2 Data Definition
- RFC 1901 - Community-based SNMPv2
- RFC 1905 - Protocol Operations for SNMPv2
SNMPv3
- RFC 2571 - Architecture for SNMP Frameworks
- RFC 2572 - Message Processing and Dispatching
- RFC 2573 - SNMPv3 Applications
- RFC 2574 - User-based Security Model
Hardware and Software Requirements
The SimpleSleuth requires the following:
- IBM PC (or compatible). with network card.
- 32M of RAM and 5M of disk space.
- Microsoft Windows 7/8/2008/2012
SimpleTester provides SNMP protocol conformance checking functionality to complete the testing.
How is SimpleSleuth different from
Protos Test Suite from Oulu University?
SimpleSleuth extends the paradigm from SNMPv1 to SNMPv2c and SNMPv3 and adds many more tests as well as an easy to use user interface. It also creates bad packets on the fly, unlike the use of canned packets by the Protos Test Suite, allowing you to create packets that are valid for your environment and your devices. In case of SNMP Manager testing, it adds a whole new set of tests to check against bad responses from rogue agents.
Introduction to SNMP
This short tutorial will quickly introduce you to the various concepts in Simple Network Management Protocol (SNMP). and help you make informed decisions regarding your upcoming SNMP project.
SimpleSoft - an Industry Leader
Resources
- Video
- Product Updates
- Blogs
- White Paper
SimpleSoft Network Simulator Overview
SimpleSoft Agent Tester Overview
SimpleSoft SimpleIoTSimulator Overview
SimpleSoft releases Version 27.5 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 27.5 now GetBulk based, faster learning, include file support in Telnet modeling files to reduce duplication, automatic handling of filters in Cisco IOS CLI commands,…
Release Notes
December 20, 2023
SimpleSoft releases Version 27.0 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 27.0 now supports common data representation of variables for use by many management protocols, saving of configuration command information during CLI provisioning, simplified GPB buffer specification for Telemetry, Modeling file debugger,…
Release Notes
June 29, 2023
SimpleSoft releases Version 26.5 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 26.5 now supports performance statistics in Netconf, provides remote host/port information in Telnet/SSH for filtering, allows timer_action to be staggered in SNMP,…
Release Notes
December 20, 2022
SimpleSoft releases Version 26.0 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 26.0 now enhances Telemetry support in HTTP2/client and HTTP2, adds valuelist support in Netconf data modeling, AES-192-C and AES-256-C support for Cisco key initialization in SNMP,…
Release Notes
July 29, 2022
SimpleSoft releases Version 25.5 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 25.5 now adds enhanced Netconf support for data modeling and namespaces, improved Telnet config command score handling, HTTP/2 server response generation without data,…
Release Notes
December 14, 2021
SimpleSoft releases Version 25.0 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 25.0 now includes support for HTTP/2 client for dial-out telemetry with gRPC, exporting and importing of maps, device diagnostic connectivity checking, support for a config command score to give different show command responses after config changes in Telnet/SSH,…
Release Notes
July 27, 2021