Help Privacy Policy Disclaimer
  Advanced SearchBrowse





Third Time's Not a Charm: Exploiting SNMPv3 for Router Fingerprinting


Gasser,  Oliver
Internet Architecture, MPI for Informatics, Max Planck Society;

External Resource
No external resources are shared
Fulltext (restricted access)
There are currently no full texts shared for your IP range.
Fulltext (public)

(Preprint), 8MB

Supplementary Material (public)
There is no public supplementary material available

Albakour, T., Gasser, O., Beverly, R., & Smaragdakis, G. (2021). Third Time's Not a Charm: Exploiting SNMPv3 for Router Fingerprinting. Retrieved from https://arxiv.org/abs/2109.15095.

Cite as: https://hdl.handle.net/21.11116/0000-0009-753E-F
In this paper, we show that adoption of the SNMPv3 network management
protocol standard offers a unique -- but likely unintended -- opportunity for
remotely fingerprinting network infrastructure in the wild. Specifically, by
sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed
information about the configuration and status of network devices including
vendor, uptime, and the number of restarts. More importantly, the reply
contains a persistent and strong identifier that allows for lightweight
Internet-scale alias resolution and dual-stack association. By launching active
Internet-wide SNMPv3 scan campaigns, we show that our technique can fingerprint
more than 4.6 million devices of which around 350k are network routers. Not
only is our technique lightweight and accurate, it is complementary to existing
alias resolution, dual-stack inference, and device fingerprinting approaches.
Our analysis not only provides fresh insights into the router deployment
strategies of network operators worldwide, but also highlights potential
vulnerabilities of SNMPv3 as currently deployed.