SlideShare a Scribd company logo

Setup SNMP for Remote Resource Monitoring

Abhishek Kumar
Abhishek Kumar

It's an Express Guide to "Basic & Secure Setup of SNMP with purpose of Remote Resource Monitoring" ~~~~~ described here with a use-case of setting it up for monitoring availability of Network Connection on a remote machine and Trap notification in case the link goes down ~~~~~ for both Linux & Windows platforms

1 of 5
Download to read offline
Express-Guide ~to~ Basic & Secure Setup of SNMP with Remote Resource Monitoring by, ABK ~ http://www.twitter.com/aBionic ::Task Detail::  Implementing SNMP service on a machine monitoring it's connection on two NICs of a machine.  Raising a trap sending SNMP message if any of the link goes down. ::Background:: Links: http://www.faqs.org/rfcs/rfc2570.html  Its a UDP-based service for Network Management inclusive of an Application Layer Protocol, database schema and set of objects. Typically 161/udp for Agent and 162/udp for manager. Master could either query from slave's Agent or Agent could generate Trap/Inform messages for Master. Master could also set some information on Remote System and change its behavior.  SNMP service is quite famous in vulnerability world to reveal loads of secrets about a machine, if not implemented properly. Secured SNMPv3 service available for remote resource monitoring.  Difference between different implementations: ◦ SNMP v1 has simple application-wide data types; has poor security being authorized by Community String ◦ SNMP v2 has MIB models, Compliance Statements (describing requirements for agents) and Capability Statements (describing permissions for agents) ◦ Improved performance and security; has two versions v2c and v2u due to complexities; Incompatible with SNMPv1 ◦ SNMP v3 primarily added Message Integrity, Authentication and Encryption  Possible Attacks ◦ SNMP v1 and v2c are subjected to Packet Sniffing due to clear-text community string being passed in the data packets ◦ All versions are subjected to Brute Force Attack as they don't implement a
Challenge-Response Handshake, so to be secure on users part using Entropy in Community String is suggested. ◦ All of them are vulnerable to IP Spoofing. ::Execution Method:: Setting up SNMP Traps Monitor for specific events.  On Windows ◦ Installing ▪ Insert your Windows Installation Disc or get a folder sharing its files, would be required. ▪ Go to 'Control Panel' > 'Add or Remove Programs' > 'Add or Remove Windows Component' > 'Management and Monitoring Tools' > 'Details' >'Simple Network Management Protocol' > 'OK' > 'Next' > follow the instructions ahead ◦ Starting Services ▪ 'Start Menu' > 'Run' > 'Services.msc' {or get it from Control Panel, As You Like It} ▪ Double Click 'SNMP Service' entry, select 'Security' in dialog box Opened here remove the default community name if any and add a new name Secure enough, but not your common password. Then add machines that can access it in the list, don't go for 'all' option. Then 'Start' it. ▪ If you wanna raise Traps, also start 'SNMP Trap Service' entry. Note: you could install Net-SNMP port for Windows to use instead of default Microsoft Implementation. Also, if you don't have access to Windows Installation Disc/Content, this option works.  On Linux these commands are tested for a Fedora/CentOS based machine; for other platforms also the net-snmp binaries are available ◦ Installing ▪ #yum install net-snmp ▪ #yum install net-snmp-utils ▪ #yum install net-snmp-perl ◦ Starting Services ▪ #service snmpd start ▪ #service snmptrapd start ◦ Setting up SNMPv3 on Fedora/CentOS location of files is /etc/snmp/ in other versions it may be
/root/.snmp/ or else {thing to check} ▪ #cd /etc/snmp ▪ and remove snmp.conf, snmpd.conf, snmptrapd.conf (better to configure from scratch), so  #rm snmp*.conf ▪ create a new "snmp.conf" with following content  #######start of file: snmp.conf############## defversion 3 defsecuritylevel authPriv defauthtype MD5 defprivtype AES #######end of file: snmp.conf################ ▪ create a new "snmpd.conf" with following content  #######start of file: snmpd.conf############# createUser <snmpUserName> MD5 <snmpPassword> AES rouser <snmpUserName> priv agentuser <AgentName> agentgroup <AgentGroupName> syscontact <SNMPAdmin's_E-MailID> ########end of file: snmpd.conf############### ▪ create a new "snmptrapd.conf" with following content  ########start of file: snmptrapd.conf######### ignoreauthfailure 0 ########end of file: snmptrapd.conf########### ◦ Restart Services ▪ #service snmpd restart ▪ #service snmptrapd restart ◦ Checking if its implemented correctly ▪ #snmpget -v 3 -u <snmp_User> -l authPriv -a MD5 -A -x AES -X 127.0.0.1 sysUpTime.0  if this gives an output like below; its setup correctly  Output: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (8680198) 1 day, 0:06:41:98  if output is like following, some Authorization problem; anything changed from CONF to SNMPGET command can create this  Output: "Timeout: No Response from <IPAddress>" or
"Error in packet" or "Reason: authorizationError (access denied to that object)"  for following output, check the MBIOID value provided, like sysUpTime.0 here  Output: "the given OID is not supported" or "No Such Instance currently exists at this OID" or "Error building ASN.1 representation (Can't build OID for variable)"  Configuring TRAP Daemon on a Linux Box ◦ Open 'snmptrapd.conf' file in an editor, and create from scratch with following content ▪ #######start of file: snmptrapd.conf####### syslocation anyPlace syscontact Admin'sEmailID sysservice 72 rocommunity commName agentSecName internal rouser internal linkUpDownNotification yes authtrapenable 1 trapsink itsSNMPTrapDaemonIPAddress commName 162 ignoreauthfailure 0 #######end of file: snmptrapd.conf#####  Enabling TRAPS on a Cisco Firewall ◦ Console Commands CiscoF/W> enable CiscoF/W# conf t CiscoF/W(config)# snmp-server host inside firewallsName.internal communtiy commNam CiscoF/W(config)# snmp-server location Place CiscoF/W(config)# snmp-server contact Admin'sMailID CiscoF/W(config)# snmp-server community commNam CiscoF/W(config)# snmp-server enable traps snmp authentication linkup linkdown coldstart CiscoF/W(config)# exit CiscoF/W# wr mem
::Tools/Technology Used:: • Net-SNMP : http://www.net-snmp.org/ • SNMPWalk : http://www.net-snmp.org/docs/man/snmpwalk.html • SNMP Fuzzer : http://www.hackingciscoexposed.com/?link=tools ::Inference:: • SNMP is a real strong management protocol which could be used in an intense manner in an IT infrastructure but requires to be kept secured for the same reason of being strong. • A single loophole can flip open your entire machine state for hacker. ::Troubleshooting/Updates:: • Problem: in statements for querying SNMP using snmpget or snmpwalk, keeping ' -v 2' didn't worked for statements where '-v 1' and '-v 3' were working. Solution: As stated before SNMP v2 is out there in two implementation v2c and v2u, so here I was supposed to mention '-v 2c' instead of plain '2'; though '2u' also didn't worked. • Problem: in statements for querying SNMP using snmpget or snmpwalk, same script was working for a machine but raising MIBOID error for other. Solution: Different system architecture may differ in the MIBOIDs and not all MIBs may be accessible too, so you need to do a plain SNMPWalk to check for all accessible MIBs.

Recommended

Openvpn
OpenvpnOpenvpn
Openvpnmato2012
 
Monit
MonitMonit
MonitAbhishek Singh
 
Automating linux network performance testing
Automating linux network performance testingAutomating linux network performance testing
Automating linux network performance testingAntonio Ojea Garcia
 
Dynamic Port Scanning
Dynamic Port ScanningDynamic Port Scanning
Dynamic Port Scanningamiable_indian
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2ratnalajaggu
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsBishop Fox
 
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu securityCSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu securityCanSecWest
 
Developing MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersDeveloping MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersBGA Cyber Security
 

Recommended

Openvpn
OpenvpnOpenvpn
Openvpnmato2012
 
Monit
MonitMonit
MonitAbhishek Singh
 
Automating linux network performance testing
Automating linux network performance testingAutomating linux network performance testing
Automating linux network performance testingAntonio Ojea Garcia
 
Dynamic Port Scanning
Dynamic Port ScanningDynamic Port Scanning
Dynamic Port Scanningamiable_indian
 
Security & ethical hacking p2
Security & ethical hacking p2Security & ethical hacking p2
Security & ethical hacking p2ratnalajaggu
 
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsNetwork Penetration Testing Toolkit - Nmap, Netcat, and Metasploit Basics
Network Penetration Testing Toolkit - Nmap, Netcat, and Metasploit BasicsBishop Fox
 
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu securityCSW2017 Qiang li zhibinhu_meiwang_dig into qemu security
CSW2017 Qiang li zhibinhu_meiwang_dig into qemu securityCanSecWest
 
Developing MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersDeveloping MIPS Exploits to Hack Routers
Developing MIPS Exploits to Hack RoutersBGA Cyber Security
 
Proactive monitoring with Monit
Proactive monitoring with MonitProactive monitoring with Monit
Proactive monitoring with MonitOSOCO
 
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_finalCSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_finalCanSecWest
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018Xavier Mertens
 
NMAP
NMAPNMAP
NMAPPrateekAryan1
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 
Kubernetes Intro
Kubernetes IntroKubernetes Intro
Kubernetes IntroAntonio Ojea Garcia
 
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien Pivotto
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien PivottoOSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien Pivotto
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien PivottoNETWAYS
 
FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)Xavier Mertens
 
Network Sniffing
Network SniffingNetwork Sniffing
Network Sniffingbudi rahardjo
 
Don't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiDon't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiMackenzie Morgan
 
nullcon 2010 - The evil karmetasploit upgrade
nullcon 2010 - The evil karmetasploit upgradenullcon 2010 - The evil karmetasploit upgrade
nullcon 2010 - The evil karmetasploit upgraden|u - The Open Security Community
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking GuideAryan G
 
Cisco Router Security
Cisco Router SecurityCisco Router Security
Cisco Router Securitykktamang
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAPPhannarith Ou, G-CISO
 
Enumeration
EnumerationEnumeration
EnumerationUTD Computer Security Group
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorialannik147
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
Cracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless NetworksCracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless Networksguestf2e41
 
6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of servers6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of serversvideos
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Manovideos
 
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7VCP Muthukrishna
 

More Related Content

What's hot

Proactive monitoring with Monit
Proactive monitoring with MonitProactive monitoring with Monit
Proactive monitoring with MonitOSOCO
 
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_finalCSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_finalCanSecWest
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018Xavier Mertens
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Frameworkegypt
 
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien Pivotto
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien PivottoOSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien Pivotto
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien PivottoNETWAYS
 
FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)Xavier Mertens
 
Don't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiDon't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiMackenzie Morgan
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking GuideAryan G
 
Cisco Router Security
Cisco Router SecurityCisco Router Security
Cisco Router Securitykktamang
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorialannik147
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 
Cracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless NetworksCracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless Networksguestf2e41
 
6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of servers6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of serversvideos
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Manovideos
 

What's hot (20)

Proactive monitoring with Monit
Proactive monitoring with MonitProactive monitoring with Monit
Proactive monitoring with Monit
 
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_finalCSW2017 Qinghao tang+Xinlei ying vmware_escape_final
CSW2017 Qinghao tang+Xinlei ying vmware_escape_final
 
FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018FPC for the Masses - CoRIIN 2018
FPC for the Masses - CoRIIN 2018
 
NMAP
NMAPNMAP
NMAP
 
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit FrameworkUnmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
Unmanned Aerial Vehicles: Exploit Automation with the Metasploit Framework
 
Kubernetes Intro
Kubernetes IntroKubernetes Intro
Kubernetes Intro
 
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien Pivotto
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien PivottoOSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien Pivotto
OSMC 2017 | Monitoring MySQL with Prometheus and Grafana by Julien Pivotto
 
FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)FPC for the Masses (SANSFire Edition)
FPC for the Masses (SANSFire Edition)
 
Network Sniffing
Network SniffingNetwork Sniffing
Network Sniffing
 
Don't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFiDon't Get Hacked on Hostile WiFi
Don't Get Hacked on Hostile WiFi
 
nullcon 2010 - The evil karmetasploit upgrade
nullcon 2010 - The evil karmetasploit upgradenullcon 2010 - The evil karmetasploit upgrade
nullcon 2010 - The evil karmetasploit upgrade
 
Nmap Hacking Guide
Nmap Hacking GuideNmap Hacking Guide
Nmap Hacking Guide
 
Cisco Router Security
Cisco Router SecurityCisco Router Security
Cisco Router Security
 
Understanding NMAP
Understanding NMAPUnderstanding NMAP
Understanding NMAP
 
Enumeration
EnumerationEnumeration
Enumeration
 
Linux internet server security and configuration tutorial
Linux internet server security and configuration tutorialLinux internet server security and configuration tutorial
Linux internet server security and configuration tutorial
 
N map presentation
N map presentationN map presentation
N map presentation
 
Cracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless NetworksCracking Wep And Wpa Wireless Networks
Cracking Wep And Wpa Wireless Networks
 
6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of servers6. hands on - open mano demonstration in remote pool of servers
6. hands on - open mano demonstration in remote pool of servers
 
5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano5. hands on - building local development environment with Open Mano
5. hands on - building local development environment with Open Mano
 

Similar to Setup SNMP for Remote Resource Monitoring

Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7VCP Muthukrishna
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hackingAmanpreet Singh
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaRaghunath G
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessEC-Council
 
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidthAn Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidthAbhishek Kumar
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Parrot Drones Hijacking
Parrot Drones HijackingParrot Drones Hijacking
Parrot Drones HijackingPriyanka Aash
 
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...Nagios
 
Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Abhichai L.
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliPriyanka Aash
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityIOSR Journals
 
Lab-5 Scanning and Enumeration Reconnaissance and inform.docx
Lab-5 Scanning and Enumeration Reconnaissance and inform.docxLab-5 Scanning and Enumeration Reconnaissance and inform.docx
Lab-5 Scanning and Enumeration Reconnaissance and inform.docxLaticiaGrissomzz
 
Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationOlehLevytskyi1
 
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios
 

Similar to Setup SNMP for Remote Resource Monitoring (20)

Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security AssessmentPositive Hack Days. Pavlov. Network Infrastructure Security Assessment
Positive Hack Days. Pavlov. Network Infrastructure Security Assessment
 
How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7How To Install and Configure SNMP on RHEL 7 or CentOS 7
How To Install and Configure SNMP on RHEL 7 or CentOS 7
 
Security & ethical hacking
Security & ethical hackingSecurity & ethical hacking
Security & ethical hacking
 
Netcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beemaNetcat 101 by-mahesh-beema
Netcat 101 by-mahesh-beema
 
Netcat - 101 Swiss Army Knife
Netcat - 101 Swiss Army KnifeNetcat - 101 Swiss Army Knife
Netcat - 101 Swiss Army Knife
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules
 
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote AccessHacker Halted 2014 - Post-Exploitation After Having Remote Access
Hacker Halted 2014 - Post-Exploitation After Having Remote Access
 
Presentación1
Presentación1Presentación1
Presentación1
 
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidthAn Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
An Express Guide ~ "dummynet" for tweaking network latencies & bandwidth
 
The Art of Grey-Box Attack
The Art of Grey-Box AttackThe Art of Grey-Box Attack
The Art of Grey-Box Attack
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Parrot Drones Hijacking
Parrot Drones HijackingParrot Drones Hijacking
Parrot Drones Hijacking
 
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
Nagios Conference 2013 - Spenser Reinhardt - Intro to Network Monitoring Usin...
 
Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178
 
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteliDefcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
Defcon 22-zoltan-balazs-bypass-firewalls-application-whiteli
 
Penetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utilityPenetrating Windows 8 with syringe utility
Penetrating Windows 8 with syringe utility
 
Lab-5 Scanning and Enumeration Reconnaissance and inform.docx
Lab-5 Scanning and Enumeration Reconnaissance and inform.docxLab-5 Scanning and Enumeration Reconnaissance and inform.docx
Lab-5 Scanning and Enumeration Reconnaissance and inform.docx
 
Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentation
 
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To UseNagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
Nagios Conference 2011 - Mike Weber - Training: Choosing Nagios Plugins To Use
 
Metasploitable
MetasploitableMetasploitable
Metasploitable
 

More from Abhishek Kumar

Insecurity-In-Security version.2 (2011)
Insecurity-In-Security version.2 (2011)Insecurity-In-Security version.2 (2011)
Insecurity-In-Security version.2 (2011)Abhishek Kumar
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Abhishek Kumar
 
xml-motor ~ What,Why,How
xml-motor ~ What,Why,Howxml-motor ~ What,Why,How
xml-motor ~ What,Why,HowAbhishek Kumar
 
Syslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideSyslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideAbhishek Kumar
 
Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
Squid for Load-Balancing & Cache-Proxy ~ A techXpress GuideSquid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
Squid for Load-Balancing & Cache-Proxy ~ A techXpress GuideAbhishek Kumar
 
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress GuideEthernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress GuideAbhishek Kumar
 
Solaris Zones (native & lxbranded) ~ A techXpress Guide
Solaris Zones (native & lxbranded) ~ A techXpress GuideSolaris Zones (native & lxbranded) ~ A techXpress Guide
Solaris Zones (native & lxbranded) ~ A techXpress GuideAbhishek Kumar
 
An Express Guide ~ Zabbix for IT Monitoring
An Express Guide ~ Zabbix for IT Monitoring An Express Guide ~ Zabbix for IT Monitoring
An Express Guide ~ Zabbix for IT Monitoring Abhishek Kumar
 
An Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
An Express Guide ~ Cacti for IT Infrastructure Monitoring & GraphingAn Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
An Express Guide ~ Cacti for IT Infrastructure Monitoring & GraphingAbhishek Kumar
 
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'Abhishek Kumar
 
XSS Defeating Concept - Part 2
XSS Defeating Concept - Part 2XSS Defeating Concept - Part 2
XSS Defeating Concept - Part 2Abhishek Kumar
 
XSS Defeating Trick ~=ABK=~ WhitePaper
XSS Defeating Trick ~=ABK=~ WhitePaperXSS Defeating Trick ~=ABK=~ WhitePaper
XSS Defeating Trick ~=ABK=~ WhitePaperAbhishek Kumar
 
FreeSWITCH on RedHat, Fedora, CentOS
FreeSWITCH on RedHat, Fedora, CentOSFreeSWITCH on RedHat, Fedora, CentOS
FreeSWITCH on RedHat, Fedora, CentOSAbhishek Kumar
 

More from Abhishek Kumar (16)

Insecurity-In-Security version.2 (2011)
Insecurity-In-Security version.2 (2011)Insecurity-In-Security version.2 (2011)
Insecurity-In-Security version.2 (2011)
 
Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)Insecurity-In-Security version.1 (2010)
Insecurity-In-Security version.1 (2010)
 
DevOps?!@
DevOps?!@DevOps?!@
DevOps?!@
 
xml-motor ~ What,Why,How
xml-motor ~ What,Why,Howxml-motor ~ What,Why,How
xml-motor ~ What,Why,How
 
XML-Motor
XML-MotorXML-Motor
XML-Motor
 
DevOps with Sec-ops
DevOps with Sec-opsDevOps with Sec-ops
DevOps with Sec-ops
 
Syslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress GuideSyslog Centralization Logging with Windows ~ A techXpress Guide
Syslog Centralization Logging with Windows ~ A techXpress Guide
 
Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
Squid for Load-Balancing & Cache-Proxy ~ A techXpress GuideSquid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
Squid for Load-Balancing & Cache-Proxy ~ A techXpress Guide
 
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress GuideEthernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
Ethernet Bonding for Multiple NICs on Linux ~ A techXpress Guide
 
Solaris Zones (native & lxbranded) ~ A techXpress Guide
Solaris Zones (native & lxbranded) ~ A techXpress GuideSolaris Zones (native & lxbranded) ~ A techXpress Guide
Solaris Zones (native & lxbranded) ~ A techXpress Guide
 
An Express Guide ~ Zabbix for IT Monitoring
An Express Guide ~ Zabbix for IT Monitoring An Express Guide ~ Zabbix for IT Monitoring
An Express Guide ~ Zabbix for IT Monitoring
 
An Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
An Express Guide ~ Cacti for IT Infrastructure Monitoring & GraphingAn Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
An Express Guide ~ Cacti for IT Infrastructure Monitoring & Graphing
 
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
Presentation on "XSS Defeating Concept in (secure)SiteHoster" : 'nullcon-2011'
 
XSS Defeating Concept - Part 2
XSS Defeating Concept - Part 2XSS Defeating Concept - Part 2
XSS Defeating Concept - Part 2
 
XSS Defeating Trick ~=ABK=~ WhitePaper
XSS Defeating Trick ~=ABK=~ WhitePaperXSS Defeating Trick ~=ABK=~ WhitePaper
XSS Defeating Trick ~=ABK=~ WhitePaper
 
FreeSWITCH on RedHat, Fedora, CentOS
FreeSWITCH on RedHat, Fedora, CentOSFreeSWITCH on RedHat, Fedora, CentOS
FreeSWITCH on RedHat, Fedora, CentOS
 

Setup SNMP for Remote Resource Monitoring

  • 1. Express-Guide ~to~ Basic & Secure Setup of SNMP with Remote Resource Monitoring by, ABK ~ http://www.twitter.com/aBionic ::Task Detail::  Implementing SNMP service on a machine monitoring it's connection on two NICs of a machine.  Raising a trap sending SNMP message if any of the link goes down. ::Background:: Links: http://www.faqs.org/rfcs/rfc2570.html  Its a UDP-based service for Network Management inclusive of an Application Layer Protocol, database schema and set of objects. Typically 161/udp for Agent and 162/udp for manager. Master could either query from slave's Agent or Agent could generate Trap/Inform messages for Master. Master could also set some information on Remote System and change its behavior.  SNMP service is quite famous in vulnerability world to reveal loads of secrets about a machine, if not implemented properly. Secured SNMPv3 service available for remote resource monitoring.  Difference between different implementations: ◦ SNMP v1 has simple application-wide data types; has poor security being authorized by Community String ◦ SNMP v2 has MIB models, Compliance Statements (describing requirements for agents) and Capability Statements (describing permissions for agents) ◦ Improved performance and security; has two versions v2c and v2u due to complexities; Incompatible with SNMPv1 ◦ SNMP v3 primarily added Message Integrity, Authentication and Encryption  Possible Attacks ◦ SNMP v1 and v2c are subjected to Packet Sniffing due to clear-text community string being passed in the data packets ◦ All versions are subjected to Brute Force Attack as they don't implement a
  • 2. Challenge-Response Handshake, so to be secure on users part using Entropy in Community String is suggested. ◦ All of them are vulnerable to IP Spoofing. ::Execution Method:: Setting up SNMP Traps Monitor for specific events.  On Windows ◦ Installing ▪ Insert your Windows Installation Disc or get a folder sharing its files, would be required. ▪ Go to 'Control Panel' > 'Add or Remove Programs' > 'Add or Remove Windows Component' > 'Management and Monitoring Tools' > 'Details' >'Simple Network Management Protocol' > 'OK' > 'Next' > follow the instructions ahead ◦ Starting Services ▪ 'Start Menu' > 'Run' > 'Services.msc' {or get it from Control Panel, As You Like It} ▪ Double Click 'SNMP Service' entry, select 'Security' in dialog box Opened here remove the default community name if any and add a new name Secure enough, but not your common password. Then add machines that can access it in the list, don't go for 'all' option. Then 'Start' it. ▪ If you wanna raise Traps, also start 'SNMP Trap Service' entry. Note: you could install Net-SNMP port for Windows to use instead of default Microsoft Implementation. Also, if you don't have access to Windows Installation Disc/Content, this option works.  On Linux these commands are tested for a Fedora/CentOS based machine; for other platforms also the net-snmp binaries are available ◦ Installing ▪ #yum install net-snmp ▪ #yum install net-snmp-utils ▪ #yum install net-snmp-perl ◦ Starting Services ▪ #service snmpd start ▪ #service snmptrapd start ◦ Setting up SNMPv3 on Fedora/CentOS location of files is /etc/snmp/ in other versions it may be
  • 3. /root/.snmp/ or else {thing to check} ▪ #cd /etc/snmp ▪ and remove snmp.conf, snmpd.conf, snmptrapd.conf (better to configure from scratch), so  #rm snmp*.conf ▪ create a new "snmp.conf" with following content  #######start of file: snmp.conf############## defversion 3 defsecuritylevel authPriv defauthtype MD5 defprivtype AES #######end of file: snmp.conf################ ▪ create a new "snmpd.conf" with following content  #######start of file: snmpd.conf############# createUser <snmpUserName> MD5 <snmpPassword> AES rouser <snmpUserName> priv agentuser <AgentName> agentgroup <AgentGroupName> syscontact <SNMPAdmin's_E-MailID> ########end of file: snmpd.conf############### ▪ create a new "snmptrapd.conf" with following content  ########start of file: snmptrapd.conf######### ignoreauthfailure 0 ########end of file: snmptrapd.conf########### ◦ Restart Services ▪ #service snmpd restart ▪ #service snmptrapd restart ◦ Checking if its implemented correctly ▪ #snmpget -v 3 -u <snmp_User> -l authPriv -a MD5 -A -x AES -X 127.0.0.1 sysUpTime.0  if this gives an output like below; its setup correctly  Output: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (8680198) 1 day, 0:06:41:98  if output is like following, some Authorization problem; anything changed from CONF to SNMPGET command can create this  Output: "Timeout: No Response from <IPAddress>" or
  • 4. "Error in packet" or "Reason: authorizationError (access denied to that object)"  for following output, check the MBIOID value provided, like sysUpTime.0 here  Output: "the given OID is not supported" or "No Such Instance currently exists at this OID" or "Error building ASN.1 representation (Can't build OID for variable)"  Configuring TRAP Daemon on a Linux Box ◦ Open 'snmptrapd.conf' file in an editor, and create from scratch with following content ▪ #######start of file: snmptrapd.conf####### syslocation anyPlace syscontact Admin'sEmailID sysservice 72 rocommunity commName agentSecName internal rouser internal linkUpDownNotification yes authtrapenable 1 trapsink itsSNMPTrapDaemonIPAddress commName 162 ignoreauthfailure 0 #######end of file: snmptrapd.conf#####  Enabling TRAPS on a Cisco Firewall ◦ Console Commands CiscoF/W> enable CiscoF/W# conf t CiscoF/W(config)# snmp-server host inside firewallsName.internal communtiy commNam CiscoF/W(config)# snmp-server location Place CiscoF/W(config)# snmp-server contact Admin'sMailID CiscoF/W(config)# snmp-server community commNam CiscoF/W(config)# snmp-server enable traps snmp authentication linkup linkdown coldstart CiscoF/W(config)# exit CiscoF/W# wr mem
  • 5. ::Tools/Technology Used:: • Net-SNMP : http://www.net-snmp.org/ • SNMPWalk : http://www.net-snmp.org/docs/man/snmpwalk.html • SNMP Fuzzer : http://www.hackingciscoexposed.com/?link=tools ::Inference:: • SNMP is a real strong management protocol which could be used in an intense manner in an IT infrastructure but requires to be kept secured for the same reason of being strong. • A single loophole can flip open your entire machine state for hacker. ::Troubleshooting/Updates:: • Problem: in statements for querying SNMP using snmpget or snmpwalk, keeping ' -v 2' didn't worked for statements where '-v 1' and '-v 3' were working. Solution: As stated before SNMP v2 is out there in two implementation v2c and v2u, so here I was supposed to mention '-v 2c' instead of plain '2'; though '2u' also didn't worked. • Problem: in statements for querying SNMP using snmpget or snmpwalk, same script was working for a machine but raising MIBOID error for other. Solution: Different system architecture may differ in the MIBOIDs and not all MIBs may be accessible too, so you need to do a plain SNMPWalk to check for all accessible MIBs.