SANS Tool Makes It Easy To Detect SNMP on Nets

 
 
By Jim Rapoza  |  Posted 2002-02-14
 
 
 
Network administrators have been scrambling on the recent news about the serious security vulnerability in SNMP, but port scanners have proven ill-equipped for the task of full SNMP disclosure. eWEEK Labs has tested a free tool from the SANS Institute that makes it much easier and faster to find rogue SNMP.

SNMPing is a simple Windows-based tool that can quickly scan all systems in a network to find those running SNMP. The tool searches on port 161, the default for SNMP, but it can be configured to look at any port. To get SNMPing email snmptool@sans.org.

In less than 2 minutes, SNMPing scanned our entire class C lab network for rogue SNMP, and we were surprised by the results: SNMP was detected and enabled on a network printer, a wireless access point and a test NetWare server.

We found the tool much easier to use and more accurate than traditional port scanning tools, which usually know only if port 161 is open.

The results window in SNMPing shows systems that both have SNMP enabled and those on which it has been disabled. All results of a network scan can also be saved to a text file.

Technical Director Jim Rapoza can be reached at jim_rapoza@ziffdavis.com.

Rocket Fuel