SNMP - Simple Network Mediated (Cisco) Pwnage presented at ZaCon 2

by Georg Christian Pranschke (SensePost)

Tags: Security Infrastructure Access Network Penetration

Summary: The Simple Network Management Protocol, which is widely deployed on enterprise networks, suffers from several well-known shortcomings in terms of security. Even though version 3 of the protocol addresses these issues, versions 1 and 2c remain the de facto standard in the wild. SNMP security is especially paramount when enabled on Cisco appliances, as these are frequently configurable via SNMP.

The talk is going to outline what the particular weaknesses of SNMP are, how these tie in with weaknesses in Cisco IOS and finally how common SNMP and Cisco misconfigurations can be leveraged to obtain administrative access to appliances such as routers, switches and bridges.

This attack scenario is demonstrated using a newly developed framework that largely automates SNMP-based attacks against Cisco appliances.

The presentation will conclude with a brief discussion of the impact of this type of attack and what countermeasures can be employed to secure routing infrastructure against it.

Georg Christian Pranschke: George recently started working for SensePost where he breaks into things, having previously finished an honours degree from Rhodes University. In his spare time, George finds vulnerabilities in open source products and plays with his dog, but not in that way. George is also a zoologist and enjoys finding, identifying and breeding things that most people would spray with doom or hit with a broom.