Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Determining UDP 161 port (SNMP) status using SNMPv3
From: Fyodor <fyodor () insecure org>
Date: Tue, 17 Jun 2008 16:14:06 -0700

On Tue, Jun 17, 2008 at 06:07:42PM -0500, Tom Sellers wrote:

If I understand correctly when it comes to UDP ports everything
is pretty much considered open|filtered unless an ICMP response
flags it as closed or a service response indicates that it is
open.

Yeah, that is basically how it works.

I believe that we can augment this port status detection by
adding a SNMPv3 probe.  In my experience SNMPv3, when provided

That would be great!  Maybe it will help provide useful version
detection information as well.

1.  This is essentially a login attempt.  I know that the SNMPv1
     probe tries to use"public" but I don't know if people will
     consider this the same.

I think that is OK.  I've never heard any complaints about the current
SNMP query which, as you noted, tries the public community string.

2.  Would this be more appropriate as a NSE script as it could be
     flagged as "auth" and only run when that is ok?

I think it would be better as version detection.  That is more
efficient (to write/maintain as well as to execute).  And this is a
version detection purpose.

3.  If using this probe is ok, what username should be used?  I
     have been considering using either "public" or null.

Whichever one is most likely to work the best.  Unfortunately I'm not
sure what that would be.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]