Skip to main content
USENIX
  • Conferences
  • Students
Sign in
  • WOOT '12 Home
  • Organizers
  • Registration Information
  • Registration Discounts
  • Workshop Program
  • Co-located Workshops
  • Sponsors
  • Students
  • Help Promote
  • For Participants
  • Call for Papers
  • Past Workshops

sponsors

Bronze Sponsor
General Sponsor

twitter

Tweets by @usenix

usenix conference policies

  • Event Code of Conduct
  • Conference Network Policy
  • Statement on Environmental Responsibility Policy

You are here

Home » Under New Management: Practical Attacks on SNMPv3
Tweet

connect with us

http://twitter.com/usenix
https://www.facebook.com/events/385528201466018/

Under New Management: Practical Attacks on SNMPv3

Authors: 

Nigel Lawrence and Patrick Traynor, Georgia Institute of Technology

Abstract: 

Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the case of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity for these services. In this paper, we demonstrate two attacks against the most current and secure version of the protocol with authentication and encryption enabled. In particular, we demonstrate that under reasonable conditions, we can read encrypted requests and forge messages between the network monitor and the hosts it observes. Such attacks are made possible by an insecure discovery mechanism, which allows an adversary capable of compromising a single network host to set the keys used by the security functions. Our attacks show that SNMPv3 places too much trust on the underlying network, and that this misplaced trust introduces vulnerabilities that can be exploited.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {179515,
title = {Under New Management: Practical Attacks on {SNMPv3}},
booktitle = {6th USENIX Workshop on Offensive Technologies (WOOT 12)},
year = {2012},
address = {Bellevue, WA},
url = {https://www.usenix.org/conference/woot12/workshop-program/presentation/Lawrence},
publisher = {USENIX Association},
month = aug,
}
Download
Lawrence PDF
View the slides

Presentation Video

Presentation Audio

MP3 Download OGG Download

Download Audio

  • Log in or    Register to post comments

Bronze Sponsors

General Sponsors

© USENIX

  • Privacy Policy
  • Contact Us