Difference between revisions of "SNMP"

From Hacking Printers
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
The Simple Network Management Protocol (SNMP) is a port 161/udp protocol, designed to manage various network components like routers. The architecture is defined in RFC3411 <ref>''[https://www.ietf.org/rfc/rfc3411.txt RFC3411: An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks]'', D. Harrington, R. Presuhn and B. Wijnen, 2000</ref>. Information offered by a managed system is not subject to the standard itself but defined in separate hierarchical database files, so called MIBs (management information bases). A MIB consists of various OID (object identifier) entries, each one identifying a variable to be either monitored (SNMP GetRequest) or modified (SNMP SetRequest). An example of retrieving the <code>hrDeviceDescr</code> value (OID 1.3.6.1.2.1.25.3.2.1.3, textual description of a device) from the `Host Resources MIB' as defined in RFC1514 <ref>''[https://www.ietf.org/rfc/rfc1514.txt RFC1514: Host Resources MIB]'', P. Grillo and S. Waldbusser, 1993</ref> is shown below:
+
The Simple Network Management Protocol (SNMP) is a port 161/udp protocol, designed to manage various network components like routers. The architecture is defined in RFC3411 <ref>''[https://www.ietf.org/rfc/rfc3411.txt RFC3411: An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks]'', D. Harrington, R. Presuhn and B. Wijnen, 2000</ref>. Information offered by a managed system is not subject to the standard itself but defined in separate hierarchical database files, so called MIBs (management information bases). A MIB consists of various OID (object identifier) entries, each one identifying a variable to be either monitored (SNMP GetRequest) or modified (SNMP SetRequest). An example of retrieving the <code>hrDeviceDescr</code> value (OID 1.3.6.1.2.1.25.3.2.1.3, textual description of a device) from the ‘Host Resources MIB’ as defined in RFC1514 <ref>''[https://www.ietf.org/rfc/rfc1514.txt RFC1514: Host Resources MIB]'', P. Grillo and S. Waldbusser, 1993</ref> is shown below:
  
 
<syntaxhighlight lang=sh>
 
<syntaxhighlight lang=sh>
Line 6: Line 6:
 
</syntaxhighlight>
 
</syntaxhighlight>
  
While SNMP is not printer-specific, many printer manufacturers have published MIBs for their network printer model, often including security-sensitive functionality. A generic approach to create a vendor-independent `Printer MIB' was taken in RFC3805 <ref>''[https://www.ietf.org/rfc/rfc3805.txt RFC3805: Printer MIB v2]'', R. Bergman, I. McDonald and H. Lewis, 2004</ref>. SNMP broadcast is used in printing software like [[CUPS]] or [[PRET]] to quickly discover network printers in the local subnet and enumerate their capabilities. As a stand-alone language, SNMP can only be exploited if the attacker has access to port 161/udp of the printer device and the community string is known (usually set to <code>public</code> by default). On HP devices however, SNMP can be embedded within [[PJL]] and therefore included into arbitrary print jobs as so called [[PML]] commands.
+
While SNMP is not printer-specific, many printer manufacturers have published MIBs for their network printer model, often including security-sensitive functionality. A generic approach to create a vendor-independent ‘Printer MIB’ was taken in RFC3805 <ref>''[https://www.ietf.org/rfc/rfc3805.txt RFC3805: Printer MIB v2]'', R. Bergman, I. McDonald and H. Lewis, 2004</ref>. SNMP broadcast is used in printing software like [https://en.wikipedia.org/wiki/CUPS CUPS] or [[PRET]] to quickly discover network printers in the local subnet and enumerate their capabilities. As a stand-alone language, SNMP can only be exploited if the attacker has access to port 161/udp of the printer device and the community string is known (usually set to <code>public</code> by default). On HP devices however, SNMP can be embedded within [[PJL]] and therefore included into arbitrary print jobs as so called [[PML]] commands.
  
 
→ ''Related articles:'' [[PML]]
 
→ ''Related articles:'' [[PML]]

Latest revision as of 12:25, 25 June 2017

The Simple Network Management Protocol (SNMP) runs over port 161/udp and is designed to manage various network components like routers. The architecture is defined in RFC3411 [1]. The information offered by a managed system is not specified by the standard itself but defined in separate hierarchical database files, so-called MIBs (management information bases). A MIB consists of various OID (object identifier) entries, each one identifying a variable to be either monitored (SNMP GetRequest) or modified (SNMP SetRequest). An example of retrieving the hrDeviceDescr value (OID 1.3.6.1.2.1.25.3.2.1.3, textual description of a device) from the ‘Host Resources MIB’ as defined in RFC1514 [2] is shown below:

snmpget -v1 -c public printer iso.3.6.1.2.1.25.3.2.1.3.1
iso.3.6.1.2.1.25.3.2.1.3.1 = STRING: "hp LaserJet 4250"

While SNMP is not printer-specific, many printer manufacturers have published MIBs for their network printer models, often including security-sensitive functionality. A generic approach to create a vendor-independent ‘Printer MIB’ was taken in RFC3805 [3]. SNMP broadcast is used in printing software like CUPS or PRET to quickly discover network printers in the local subnet and enumerate their capabilities. As a stand-alone language, SNMP can only be exploited if the attacker has access to port 161/udp of the printer device and the community string is known (usually set to public by default). On HP devices, however, SNMP can be embedded within PJL and therefore included in arbitrary print jobs as so-called PML commands.
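As an added illustration (not part of the original wiki page): a minimal BER parser that a network monitor could use to show that the community string of an SNMPv1/v2c message travels in cleartext, and to flag the default public community and SetRequest PDUs. The sample packet is constructed by hand, and the function and constant names are this example's own.

```python
SAMPLE = bytes.fromhex(               # constructed by hand, not captured
    "3029020100"                      # SEQUENCE, version INTEGER 0 (SNMPv1)
    "04067075626c6963"                # OCTET STRING "public", in cleartext
    "a01c020101020100020100"          # GetRequest PDU: request-id 1, errors 0/0
    "3011300f060b2b060102011903020103010500"  # varbind: hrDeviceDescr.1, NULL
)
PDU_TYPES = {0xA0: "GetRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}
DEFAULT_COMMUNITIES = {"public"}      # the default named on this page

def tlv(buf, pos):
    """Read one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                 # long-form length: next n bytes hold it
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0   # first byte packs two arcs
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)  # base-128, high bit = continuation
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect(packet):
    """Parse a community-based SNMP message; list monitoring-relevant findings."""
    _, msg, _ = tlv(packet, 0)
    _, version, p = tlv(msg, 0)
    _, community, p = tlv(msg, p)
    pdu_tag, pdu, _ = tlv(msg, p)
    p = 0
    for _ in range(3):                # skip request-id, error-status, error-index
        _, _, p = tlv(pdu, p)
    _, varbinds, _ = tlv(pdu, p)
    oids, p = [], 0
    while p < len(varbinds):
        _, vb, p = tlv(varbinds, p)
        oids.append(decode_oid(tlv(vb, 0)[1]))
    name = community.decode("latin-1")
    findings = ["default community string"] * (name in DEFAULT_COMMUNITIES)
    findings += ["SetRequest (write attempt)"] * (pdu_tag == 0xA3)
    return {"version": int.from_bytes(version, "big"), "community": name,
            "pdu": PDU_TYPES.get(pdu_tag, hex(pdu_tag)), "oids": oids, "findings": findings}
```

Calling inspect(SAMPLE) returns the version, community, PDU type and requested OIDs together with the findings list; the version field is 0 for SNMPv1 and 1 for SNMPv2c.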

Related articles: PML



  1. RFC3411: An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks, D. Harrington, R. Presuhn and B. Wijnen, 2000
  2. RFC1514: Host Resources MIB, P. Grillo and S. Waldbusser, 1993
  3. RFC3805: Printer MIB v2, R. Bergman, I. McDonald and H. Lewis, 2004