One of our techs working in another city had a client with an auditor’s penetration test report indicating their SNMP was accessible on the internet from three different servers. They wanted to know if that was a bad thing and, if it is bad, how they can test for it to confirm the auditor’s findings and then stop it. Here are the answers.

What Is SNMP In Simple Terms?

SNMP, or Simple Network Management Protocol, is a protocol used mostly for monitoring network devices such as routers, switches, servers, UPSs, printers, and more. It can also be used to do very basic remote management of those devices. It allows network administrators to gather information about network performance, detect network faults, and configure network devices.

Unnecessary SNMP Details You MIGHT Care About:

Key Components of SNMP:

  • Managed Devices: These are network devices that have SNMP agents installed. They collect and store management information and make it available to SNMP managers
  • SNMP Agents: Software running on managed devices that collect data about the device’s status and performance and communicate this information to the SNMP manager
  • SNMP Managers: Also known as Network Management Systems (NMS), these are applications that monitor and manage SNMP-enabled devices. They send requests to agents and receive responses

How SNMP Works:

  1. Polling: The SNMP manager sends a request to the SNMP agent for information
  2. Traps: The SNMP agent sends unsolicited alerts (traps) to the SNMP manager when certain events occur
  3. Set Commands: The SNMP manager can send commands to configure or control the managed device

SNMP Versions:

  • SNMPv1: The original version, which provides basic features but lacks security
  • SNMPv2c: An improved version with better performance and additional features, but still lacks strong security
  • SNMPv3: The latest version, which includes enhanced security features such as authentication and encryption

Should SNMP Be Exposed To The Internet?

Not unless you like getting hacked or you have some very unusual configuration with very tight firewall rules that allow only specific remote addresses to access your SNMP.

Simple Network Management Protocol, in its v1 and v2c versions, is inherently insecure because its messages are not encrypted, making it vulnerable to various types of attacks. Allowing SNMP traffic to be accessible from the internet can expose your network to potential threats, such as unauthorized access to network information and management capabilities.

To enhance security, it is recommended to block SNMP traffic at your firewall and only allow it within your internal network. This helps prevent malicious actors from exploiting SNMP vulnerabilities and gaining access to sensitive information.

How To Determine If SNMP Is Open To The Internet

It is very easy to tell if SNMP is exposed on the Internet. You just need to download a free port scanner and try to connect.


  1. Get Off The LAN: If you are in the office, leave. You are testing if SNMP is exposed on the internet, not in the office, so go home or VPN to some other network.
  2. Download A Port Scanner: We like the free PortQry tool, which you can download directly from Microsoft.
    • Run the “install” and it will simply expand the files into the C:\PortQryV2 folder
  3. Open Command Prompt: Run Command Prompt with Administrative privileges and type CD C:\PortQryV2
  4. Run PortQry: Use the following command to check if the SNMP port is open:
    portqry.exe -n [YourDomainOrIPAddress] -p udp -e 161
    This command will check if the UDP port 161 is open on the specified server.

If the port is open, you should see a message indicating that the port is listening. If the port is closed, you will see a message indicating that the port is not listening.
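The same check as the PortQry steps above, as an added Python example (not from the original article or from Microsoft): it sends a real SNMPv2c GetRequest for sysDescr.0 to UDP 161 and separates the three outcomes a UDP probe can have. The function names, the 3-second timeout and the community string you pass in are assumptions; use the community configured on your own devices and run it from outside the LAN.

```python
import socket

SYS_DESCR_OID = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])  # 1.3.6.1.2.1.1.1.0 (sysDescr.0)


def tlv(tag: int, value: bytes) -> bytes:
    """BER type-length-value; short-form length suffices for this small packet."""
    if len(value) > 127:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value


def ber_int(n: int) -> bytes:
    """Minimal BER INTEGER encoding for a non-negative value."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def build_get_request(community: str, request_id: int = 1) -> bytes:
    """Encode an SNMPv2c GetRequest asking for sysDescr.0."""
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_OID) + tlv(0x05, b""))
    pdu = tlv(0xA0, ber_int(request_id)   # GetRequest-PDU: request-id,
              + ber_int(0) + ber_int(0)   # error-status, error-index,
              + tlv(0x30, varbind))       # and the variable-bindings list
    # version 1 on the wire means SNMPv2c (SNMPv1 is version 0)
    return tlv(0x30, ber_int(1) + tlv(0x04, community.encode()) + pdu)


def probe_snmp(host: str, community: str, port: int = 161,
               timeout: float = 3.0) -> str:
    """Return 'open', 'closed' or 'open|filtered' for the SNMP port on host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected UDP socket surfaces ICMP errors
        try:
            s.send(build_get_request(community))
            s.recv(4096)
        except socket.timeout:
            # Silence: a firewall dropped it, or the agent ignored the community
            return "open|filtered"
        except (ConnectionRefusedError, ConnectionResetError):
            # ICMP port-unreachable (Linux / Windows): nothing listens there
            return "closed"
        return "open"  # something answered on the SNMP port


if __name__ == "__main__":
    import sys
    # Usage: python snmp_check.py <your-server> <your-community>
    print(probe_snmp(sys.argv[1], sys.argv[2]))
```

A result of open|filtered does not prove the port is blocked, because an agent stays silent when the community does not match; confirm against the firewall rules before closing the audit finding.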


