Third time's not a charm: Exploiting SNMPv3 for router fingerprinting

Taha Albakour, Oliver Gasser, Robert Beverly, Georgios Smaragdakis

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

9 Downloads (Pure)

Abstract

In this paper, we show that adoption of the SNMPv3 network management protocol standard offers a unique - -but likely unintended - -opportunity for remotely fingerprinting network infrastructure in the wild. Specifically, by sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed information about the configuration and status of network devices including vendor, uptime, and the number of restarts. More importantly, the reply contains a persistent and strong identifier that allows for lightweight Internet-scale alias resolution and dual-stack association. By launching active Internet-wide SNMPv3 scan campaigns, we show that our technique can fingerprint more than 4.6 million devices of which around 350k are network routers. Not only is our technique lightweight and accurate, it is complementary to existing alias resolution, dual-stack inference, and device fingerprinting approaches. Our analysis not only provides fresh insights into the router deployment strategies of network operators worldwide, but also highlights potential vulnerabilities of SNMPv3 as currently deployed.

Original languageEnglish
Title of host publicationIMC 2021 - Proceedings of the 2021 ACM Internet Measurement Conference
PublisherAssociation for Computing Machinery (ACM)
Pages150-164
Number of pages15
ISBN (Electronic)9781450391290
DOIs
Publication statusPublished - 2021
Event21st ACM Internet Measurement Conference, IMC 2021 - Virtual, Online, United States
Duration: 2 Nov 20214 Nov 2021

Publication series

NameProceedings of the ACM SIGCOMM Internet Measurement Conference, IMC

Conference

Conference21st ACM Internet Measurement Conference, IMC 2021
Country/TerritoryUnited States
CityVirtual, Online
Period2/11/214/11/21

Keywords

  • alias resolution
  • device fingerprinting
  • simple network management protocol (SNMP)

Fingerprint

Dive into the research topics of 'Third time's not a charm: Exploiting SNMPv3 for router fingerprinting'. Together they form a unique fingerprint.

Cite this