[TOOL] Onesixtyone, an Efficient SNMP Scanner
From: support@securiteam.comDate: 03/09/02
- Previous message: support@securiteam.com: "[NT] Java Applets Can be Used to Redirect Browser Traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Sat, 9 Mar 2002 00:21:26 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Onesixtyone, an Efficient SNMP Scanner
------------------------------------------------------------------------
DETAILS
The SNMP protocol is a stateless, datagram-oriented protocol. An SNMP
scanner is a program that sends SNMP requests to multiple IP addresses,
trying different community strings and waiting for a reply. Unfortunately,
SNMP servers do not respond to requests with invalid community strings and
the underlying UDP protocol does not reliably report closed UDP ports.
This means that 'no response' from the probed IP address can mean either
of the following:
a) Machine unreachable
b) SNMP server not running
c) Invalid community string
d) The response datagram has not yet arrived
The approach taken by most SNMP scanners is to send the request, wait for
n seconds, and assume that the community string is invalid. If only one of
every hundred scanned IP addresses responds to the SNMP request, the
scanner will spend 99*n seconds waiting for replies that will never come.
This makes traditional SNMP scanners very inefficient.
Onesixtyone takes a different approach to SNMP scanning. It takes
advantage of the fact that SNMP is a connectionless protocol and sends all
SNMP requests as fast as it can. Then the scanner waits for responses to
come back and logs them, in a fashion similar to Nmap ping sweeps. By
default, Onesixtyone waits for 10 milliseconds between sending packets,
which is adequate for 100MBs switched networks. The user can adjust this
value via the -w command line option. If set to zero, the scanner will
send packets as fast as the kernel would accept them, which may lead to
packet drop.
ADDITIONAL INFORMATION
The tool can be downloaded from:
<http://www.phreedom.org/article.php?id=29>
http://www.phreedom.org/article.php?id=29
The information has been provided by <mailto:solareclipse@phreedom.org>
Solar Eclipse.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] Java Applets Can be Used to Redirect Browser Traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
