Shulou(Shulou.com)06/01 Report--

This article mainly introduces the snmp protocol how to deal with loopholes, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, let the editor take you to understand it.

SNMP (Simple Network Management Protocol) is the simple Network Management Protocol, which provides the underlying network management framework for network management systems, so that network and system administrators can remotely monitor and configure their network devices (such as routers and switches). A network device or host that supports SNMP is a SNMP entity. A SNMP entity consists of two parts: the SNMP management side is responsible for initiating requests and receiving active announcement information, and the SNMP proxy service is responsible for responding to requests initiated by the management side and sending active announcement information. A SNMP entity with SNMP agent function includes two functions: SNMP management side and SNMP agent side. Snmp protocol is based on UDP protocol communication. In snmp proxy service, snmp manager uses udp 162port, snmp agent uses udp 161port for service communication, a random high-end port will be negotiated to receive inform information of SNMP, and udp port 162and this negotiated random port will be initialized by the system. This random port is generated according to the following conditions: 1. Randomly generate a port number between 49152 and 59152. 2. The cisco ios system detects whether the randomly generated udp port is used, and if not, it uses the port as the port to receive announcement information. 3. If the port is already in use, the system will add one to the random number and repeat the step of 2 again until an unused port is found. In principle, the number of ports can be increased all the way to 59152. There is a vulnerability in cisco's ios system when processing snmp information. The system will constantly process negotiation requests and initialize random ports until memory exhaustion causes the system to restart. Affect the system:

CISCO IOS12.0 (23) S4,12.0 (23) S512.0 (24) S4,12.0 (26) S112.0 (27) S12.0 (27) SV, 12.0 (27) SV112.1 (20) E, 12.1 (20) E1, 12.1 (20) E212.1 (20) EA112.1 (20) EW, 12.1 (20) EW112.1 (20) EC, 12.1 (20) EC112.2 (12g), 12.2 (12h) 12.2 (20) S 12.2 (20) S112.2 (21), 12.2 (21a) 12.2 (23) 12.3 (2) XC1, 12.3 (2) XC212.3 (5), 12.3 (5a), 12.3 (5b) 12.3 (6) 12.3 (4) T, 12.3 (4) T1, 12.3 (4) T2, 12.3 (4) T3 12.3 (5a) B12.3 (4) XD, 12.3 (4) XD1 risk: high hazard description:

Remote denial of service solution:

Temporary solution: 1. If SNMP service is not needed in actual operation, disable SNMP service 2, use firewall, or restrict host access to the following ports in this administrative domain: UDP/161 UDP/162 patch download: Cisco has issued relevant security bulletins and patches for this vulnerability Please go to Cisco website to upgrade your IOS system http://www.cisco.com/warp/public/707/cisco-sa-20040420-snmp.shtml as soon as possible. Thank you for reading this article carefully. I hope the article "how to deal with loopholes in snmp Protocol" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.