UDP Dangerous Monitoring

Port 162 (SNMP Trap)

Learn about port 162 (SNMP Trap): security threats, vulnerabilities, and uses. Find devices with port 162 open.

Quick facts

Port number: 162
Protocol: UDP
Service: SNMP Trap
IANA name: SNMP Trap

Service description

UDP port 162 is the standard port for SNMP (Simple Network Management Protocol) traps. SNMP is an application-layer protocol used to monitor and manage network devices. It allows network administrators to centrally oversee network performance, diagnose problems, and configure devices. Traps are asynchronous notifications sent by SNMP agents (devices being monitored) to an SNMP manager (the central monitoring system) when a significant event occurs, such as a link failure, high CPU utilization, or a security breach. Unlike SNMP queries, which are initiated by the manager, traps are initiated by the agent, providing real-time alerts about critical events. The protocol uses UDP for transport, offering a connectionless and lightweight communication mechanism suitable for sending event-driven notifications. The format of an SNMP trap message includes information about the device sending the trap, the type of event that triggered the trap, and any relevant data associated with the event. SNMPv1 and SNMPv2c use community strings for authentication, while SNMPv3 introduces more robust security features like encryption and authentication based on usernames and passwords.

## Firewall Recommendations

Firewall rules should be configured to restrict access to UDP port 162. Only allow traffic from trusted SNMP managers to access this port on the devices acting as SNMP agents. If SNMPv3 is used, ensure that strong authentication and encryption are enabled. If SNMPv1 or v2c must be used for legacy devices, change the default community strings to strong, unpredictable values. Consider using a VPN to encrypt traffic between the SNMP agents and the SNMP manager, especially if the network is untrusted. Regularly audit SNMP configurations and logs to detect any suspicious activity. If possible, disable SNMP altogether on devices where it is not required.

Security information

SNMP, especially versions 1 and 2c, has inherent security risks due to the use of community strings for authentication. These community strings are often left at their default values (e.g., 'public' for read-only access and 'private' for read-write access), making them easily guessable by attackers. An attacker who gains access to the write community string can reconfigure network devices, potentially causing denial-of-service attacks, data breaches, or unauthorized access to sensitive information. Even read-only access can provide valuable information about the network infrastructure, device configurations, and performance metrics, which can be used to plan more sophisticated attacks. The lack of encryption in SNMPv1 and v2c also means that trap messages can be intercepted and analyzed, revealing sensitive information. Port 162, being the standard port for receiving these potentially vulnerable trap messages, becomes a target for attackers looking to exploit these weaknesses.

Known vulnerabilities

| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2002-0013 | SNMPv1/v2c Community String Vulnerability | High | Default community strings can be easily guessed, allowing unauthorized access to SNMP data and device configuration. |
| CVE-2017-6489 | Net-SNMP Agent Denial of Service | Medium | A denial of service vulnerability exists in Net-SNMP agent due to improper handling of certain SNMP requests, potentially crashing the agent. |
| CVE-2017-15368 | Broadcom BCM47XX SNMP Information Disclosure | Medium | Information disclosure via SNMP in Broadcom BCM47XX devices. Sensitive information can be obtained by querying the SNMP agent. |
| CVE-2011-1482 | Net-SNMP DoS vulnerability | Medium | A remote denial of service vulnerability exists in Net-SNMP due to improper handling of malformed packets. |

Common software

  • Nagios
  • SolarWinds Network Performance Monitor
  • PRTG Network Monitor
  • Zabbix
  • OpenNMS
  • CiscoWorks
  • HP OpenView
  • WhatsUp Gold
