16/02/2022

IP Security – SNMP – Simple Network Management Protocol 161

Used by various devices and applications (including firewalls and routers) to communicate logging and management information with remote monitoring applications. Typically, SNMP agents listen on UDP port 161, asynchronous traps are received on port 162.

SNMP ports are utilised via UDP 161 for SNMP Managers communicating with SNMP Agents (i.e. polling) and UDP 162 when agents send unsolicited Traps to the SNMP Manager.

Recommended Actions

One of the key vulnerabilities of several versions of the SNMP protocol (SNMPv1 and SNMPv2) is that SNMP messages are sent across the network unencrypted, meaning that someone with a packet sniffer can read the community string in plain text. SNMPv2 introduced the Inform features which allow acknowledgement of the receipt of messages by the manager while the SNMPv3 introduced an enhanced security system that authenticates messages and ensures their privacy especially if they are forwarded through the Internet. We recommend the use of v2 or v3 SNMP as a minimum and disable SNMP v1 controls on equipment.

Reference Material

CVE.mitre.org is also another useful site and by searching their “CVE list” and typing in the Vulnerability they can help identify and mitigate the issue:

https://cve.mitre.org/

https://www.cvedetails.com/vulnerability-list/vendor_id-227/product_id-394/Snmp-Snmp.html

Keeping Up To Date With Us Is Easy, Sign Up To Our Newsletter Today!

Stay in touch with emPSN, so that you get the latest e-safety advice and invites to our community events.

Our partners