TY - GEN
T1 - Third time's not a charm
T2 - 21st ACM Internet Measurement Conference, IMC 2021
AU - Albakour, Taha
AU - Gasser, Oliver
AU - Beverly, Robert
AU - Smaragdakis, Georgios
PY - 2021
Y1 - 2021
N2 - In this paper, we show that adoption of the SNMPv3 network management protocol standard offers a unique - -but likely unintended - -opportunity for remotely fingerprinting network infrastructure in the wild. Specifically, by sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed information about the configuration and status of network devices including vendor, uptime, and the number of restarts. More importantly, the reply contains a persistent and strong identifier that allows for lightweight Internet-scale alias resolution and dual-stack association. By launching active Internet-wide SNMPv3 scan campaigns, we show that our technique can fingerprint more than 4.6 million devices of which around 350k are network routers. Not only is our technique lightweight and accurate, it is complementary to existing alias resolution, dual-stack inference, and device fingerprinting approaches. Our analysis not only provides fresh insights into the router deployment strategies of network operators worldwide, but also highlights potential vulnerabilities of SNMPv3 as currently deployed.
AB - In this paper, we show that adoption of the SNMPv3 network management protocol standard offers a unique - -but likely unintended - -opportunity for remotely fingerprinting network infrastructure in the wild. Specifically, by sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed information about the configuration and status of network devices including vendor, uptime, and the number of restarts. More importantly, the reply contains a persistent and strong identifier that allows for lightweight Internet-scale alias resolution and dual-stack association. By launching active Internet-wide SNMPv3 scan campaigns, we show that our technique can fingerprint more than 4.6 million devices of which around 350k are network routers. Not only is our technique lightweight and accurate, it is complementary to existing alias resolution, dual-stack inference, and device fingerprinting approaches. Our analysis not only provides fresh insights into the router deployment strategies of network operators worldwide, but also highlights potential vulnerabilities of SNMPv3 as currently deployed.
KW - alias resolution
KW - device fingerprinting
KW - simple network management protocol (SNMP)
UR - http://www.scopus.com/inward/record.url?scp=85118976371&partnerID=8YFLogxK
U2 - 10.1145/3487552.3487848
DO - 10.1145/3487552.3487848
M3 - Conference contribution
AN - SCOPUS:85118976371
T3 - Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC
SP - 150
EP - 164
BT - IMC 2021 - Proceedings of the 2021 ACM Internet Measurement Conference
PB - Association for Computing Machinery (ACM)
Y2 - 2 November 2021 through 4 November 2021
ER -