SNMP_Set used Public Community Name to change system information

Risk Level: High risk vulnerability  High

Check or Attack Name: Snmp Set Public Community
Platforms: SNMP
Description:

The SNMP default Public community name is specified, allowing anyone the ability to change the machine's system information if they use this default value. An attacker can use SNMP to obtain valuable information about the machine, such as information on network devices and current open connections.
Remedy:

If you need SNMP for network management, make sure it is properly configured with private community names.

Windows: Below are general directions to identify and remove public names. Detailed information is available from the Microsoft Knowledge Base Article "How to: Configure SNMP security" at http://support.microsoft.com/support/ntserver/serviceware/10140298.asp.

  1. Open the Network control panel. From the Windows NT Start menu, select Settings, Control Panel, Network.
  2. Click the Services tab and select the SNMP Service.
  3. Click Properties to display the SNMP Properties dialog box.
  4. Click the Security tab.
  5. Verify that your configuration contains the following secure settings:
    • At least one Accepted Community Name exists. Empty lists cause SNMP to accept requests from anyone. (See Microsoft Knowledge Base Article Q99880, "How to: Configure SNMP security" at http://support.microsoft.com/support/ntserver/serviceware/10140298.asp.)
    • The Accepted Community Names are not easily guessed names, such as public.
    • The Only Accept SNMP Packets from These Hosts option is selected, and one or more IP Host or IPX address are specified.
    • Each host and community name in the lists is a valid destination.
    6. In addition to securing SNMP from the control panel, you will want to secure it from the Registry. See the Windows NT SNMP Community Name topic for more information.

Windows: If SNMP is not required, disable the service:

  1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
  2. From the Services list, select the SNMP service.
  3. Click Stop.

Unix: To change the community name, refer to your SNMP documentation.

—OR—

Disable SNMP if it is not needed. If SNMP is started from the rc script, comment it out as appropriate for your operating system.

As an example for disabling SNMP under Solaris 2.6, execute the following commands:

# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
References:

Request for Comment document RFC 1157, A Simple Network Management Protocol (SNMP), ftp://ftp.isi.edu/in-notes/rfc1157.txt

Microsoft Knowledge Base Article Q99880, SNMP Agent Responds to Any Community Name, http://support.microsoft.com/support/kb/articles/q99/8/80.asp sp
X-Force Logo
Know Your Risks