SANS Tool Detects SNMP

 
 
By Jim Rapoza  |  Posted 2002-02-18
 
 
 

Network administrators have been scrambling on the recent news about the serious security vulnerability in SNMP, but port scanners have proved ill-equipped for the task of full SNMP disclosure. eWeek Labs has tested a free tool from the SANS Institute that makes it much easier and faster to find rogue SNMP.

SNMPing, available for download from www.sans.org, is a simple Windows-based tool that can quickly scan all systems in a network to find those running SNMP. The tool searches on port 161, the default for SNMP, but it can be configured to look at any port.

In less than 2 minutes, SNMPing scanned our entire Class C lab network for rogue SNMP, and we were surprised by the results: The tool detected a network printer, a wireless access point and a test NetWare server that had SNMP enabled.

We found SNMPing much easier to use and more accurate than traditional port scanning tools such as Nmap, which usually know only if port 161 is open.

The results window in SNMPing shows systems that have SNMP enabled and those on which it has been disabled. All results of a network scan can also be saved to a text file. —Jim Rapoza, eWeek Labs East Coast Technical Director

Rocket Fuel