SimpleSleuth™ SNMP Vulnerability Probe

Overview

The Simple Network Management Protocol (SNMP) is extensively used in today’s networks to provide configuration and monitoring for a wide variety of networked devices. Core Internet Gateways to small information appliances continue to use SNMP for their network management needs.

SimpleSleuth, is an easy-to-use, Windows-based test tool that probes for vulnerabilities in SNMP implementations. Using this tool, you can:

The CERT advisory, dated February 12, 2002(CA-2002-03), showed that products from a wide variety of vendors were susceptible to “denial-of-service” attacks, when these implementations were made to process invalid SNMP packets.

More recently, on April 20, 2004, a Technical Cyber Security Alert – TA04-111B, was issued which indicated that Cisco routers and switches were vulnerable to a DOS attack when processing SNMP requests on trap/inform response ports.

SimpleSleuth, with its associated test modules, sends thousands of invalid packets to the SNMP implementation under test and checks if the implementation is able to handle them without failure. Since the SNMP protocol uses the ASN.1 BER (Basic Encoding Rules) to encode SNMP packets, the invalid packets sent by SimpleSleuth typically fall into two categories:

This allows the different components within an SNMP implementation that decode packets and then process them, to be checked for vulnerabilities.

SimpleSleuth provides an easy to use interface that simplifies vulnerability testing and enables users to specify the type of test packets to send and then pin-points the packet that caused the vulnerability. Its modular architecture maximizes ROI by allowing users to purchase only the needed test suite modules. Six test moudles are available:

To Test Agent Implementations:
To Test Manager Implementations:

The SNMPv1 Agent Test Module includes more than 189,000 malformed SNMPv1 test packets that exercise the SNMPv1 GET, GETNEXT and SET operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets.

The SNMPv2c Agent Test Module includes more than 272,000 malformed SNMPv2c test packets that exercise the SNMPv2c GET, GETNEXT, SET and GETBULK operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets.

The SNMPv3 Agent Test Module includes more than 443,000 malformed SNMPv3 test packets that exercise the SNMPv3 GET, GETNEXT, SET and GETBULK operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets. SimpleSleuth supports SNMPv3 discovery to learn the corresponding engine ids and creates packets accordingly.

The SNMPv1 Manager Test Module includes over 200,000 SNMPv1 TRAP and GET RESPONSE packets. Like the SNMPv1 Agent Module, it too sends badly encoded and bad values packets, but to a management application. The traps can be sent to any SNMP Trap/Event application, while the SNMPv1 RESPONSE packets require a SNMP Manager to initiate an SNMP query (like a discovery query).

The SNMPv2c Manager Test Module includes over 451,000 SNMPv2c TRAP and GET RESPONSE packets. It also sends badly encoded and bad values packets, but to a SNMPv2c management application. The traps can be sent to any SNMP Trap/Event application, while the SNMPv2c RESPONSE packets require a SNMPv2c Manager to initiate an SNMP query (like a discovery query).

The SNMPv3 Manager Test Module includes over 500,000 SNMPv3 Trap and Inform packets and over 500,000 GET RESPONSE and REPORT packets. It also sends badly encoded and bad values packets, but to a SNMPv3 management application. The traps and informs can be sent to any SNMP Trap/Event application, while the SNMPv3 RESPONSE and REPORT packets require a SNMPv3 Manager to initiate an SNMP query (like a discovery query).

In addition to the user interface, the SimpleSleuth can also be run in an unattended mode by specifying the tests to be conducted in a command file.

Operation

Only a few simple steps are required to test an SNMP implementation. They are:

Detailed results are stored in associated files that pin-point vulnerabilities.

Benefits

Features

Supported IETF RFC’s

SNMPv1

SNMPv2

SNMPv2 Data Definition

SNMPv3

Hardware and Software Requirements

The SimpleSleuth requires the following:

SimpleTester provides SNMP protocol conformance checking functionality to complete the testing.

How is SimpleSleuth different from
Protos Test Suite from Oulu University?

SimpleSleuth extends the paradigm from SNMPv1 to SNMPv2c and SNMPv3 and adds many more tests as well as an easy to use user interface. It also creates bad packets on the fly, unlike the use of canned packets by the Protos Test Suite, allowing you to create packets that are valid for your environment and your devices. In case of SNMP Manager testing, it adds a whole new set of tests to check against bad responses from rogue agents.

Introduction to SNMP

This short tutorial will quickly introduce you to the various concepts in Simple Network Management Protocol (SNMP). and help you make informed decisions regarding your upcoming SNMP project.

SimpleSoft - an Industry Leader

Over the last 30+ years, 1000+ companies in 35 countries, have come to depend on SimpleSoft to simplify their development, testing, demonstration and management of networks and systems.

Resources

Explore our blogs, whitepapers, videos and product updates

SimpleSoft Network Simulator Overview

SimpleSoft Agent Tester Overview

SimpleSoft SimpleIoTSimulator Overview

SimpleSoft releases Version 27.5 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 27.5 now GetBulk based, faster learning, include file support in Telnet modeling files to reduce duplication, automatic handling of filters in Cisco IOS CLI commands,…
Release Notes

December 20, 2023

SimpleSoft releases Version 27.0 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 27.0 now supports common data representation of variables for use by many management protocols, saving of configuration command information during CLI provisioning, simplified GPB buffer specification for Telemetry, Modeling file debugger,…
Release Notes

June 29, 2023

SimpleSoft releases Version 26.5 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 26.5 now supports performance statistics in Netconf, provides remote host/port information in Telnet/SSH for filtering, allows timer_action to be staggered in SNMP,…
Release Notes

December 20, 2022

SimpleSoft releases Version 26.0 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 26.0 now enhances Telemetry support in HTTP2/client and HTTP2, adds valuelist support in Netconf data modeling, AES-192-C and AES-256-C support for Cisco key initialization in SNMP,…
Release Notes

July 29, 2022

SimpleSoft releases Version 25.5 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 25.5 now adds enhanced Netconf support for data modeling and namespaces, improved Telnet config command score handling, HTTP/2 server response generation without data,…
Release Notes

December 14, 2021

SimpleSoft releases Version 25.0 of SimpleAgentPro/Enterprise
SimpleAgentPro/Enterprise 25.0 now includes support for HTTP/2 client for dial-out telemetry with gRPC, exporting and importing of maps, device diagnostic connectivity checking, support for a config command score to give different show command responses after config changes in Telnet/SSH,…
Release Notes

July 27, 2021