SNMP security testing is an essential part of modern conformance testing. InterWorking Labs helps you check for SNMP vulnerabilities and perform SNMP security tests by using over 700,000 tests specifically designed to find vulnerabilities in SNMPv1, v2c, and v3 agents.

Denial-of-Service attacks can disable computer systems and networks and ultimately the operation of your organization. Denial-of-service attacks come in a variety of forms and aim at a variety of services.Attackers exploit vulnerabilities in SNMP agents in order to disrupt network connectivity by preventing network devices with SNMP agents from operating.

In addition to Denial-of-Service attacks, many SNMP agents exhibit security vulnerabilities which can be found and corrected with network penetration testing. A malformed packet is unintentionally sent by one device to another, but the receiving device is unable to properly decode the malformed packet and reject it, and instead crashes.

Network devices with these poorly implemented SNMP agents will crash when they receive malformed packets, either as a result of a Denial-of-Service attack, or as a result of random network abnormalities.

Boreal - the SNMP Network Penetration Test Suite

Boreal, the SNMP Network Penetration Test Suite, allows network administrators and testers to verify the security and robustness of each of their network devices in the face of packet decoding vulnerabilities.

Boreal Network Penetration Testing Suite includes more than 700,000 network vulnerability and network security test cases for SNMP v1, v2c, and v3 agents.

Boreal allows the network administrator to uncover the vulnerabilities and security flaws in a network device in three easy steps: (1) Enter the IP address of the network device, (2) Click on Test All, (3) Collect the Results Report or email it to the network device supplier.

Boreal's network penetration testing capabilities can also automatically test all the network devices in a network, through an automated command line script.

Key Features

• Automatically run all network penetration test cases against one agent.
• Automatically run all network penetration test cases against all agents on all devices in the network in one step.
• Verify if the manufacturer's patches resolve all vulnerability problems.
• Send reports back to the manufacturer for resolution.
• Verify if the agent properly responded by "expected outcome".
• Turn on debugging preferences and pinpoint the precise sequence and type of packet that caused the failure for reporting back to the manufacturer.
• Change values and parameters in the test cases.
• Eliminate legal worries. Boreal's network penetration testing software contains no Free Software Foundation-GNU License dependencies. All the code is the original work of InterWorking Labs.
• Integrate with SilverCreek, the official SNMP Test Suite, to provide more capabilities to the tester who would like a full and complete picture of all aspects of the SNMP agent quality.

Test Methodology

ASN.1 describes the grammar, and BER the translation mechanism, for encapsulating SNMP packets. Boreal introduces abnormalities into the grammar and the encapsulation so that the SNMP packets are malformed. By changing the tag (what ASN.1 type is it?), length (how long is the payload?), and value (the payload) to wrong or unexpected values, a normal, valid packet becomes a pathological packet.

By sending hundreds of thousands of various GET, NEXT, SET, and GET-BULK malformed packets to the agent under test, Boreal's network penetration testing protocols determine if the agent properly responds.

Source for ASN.1 and BER Explanations: Perkins, D., McGinnis, E., Understanding MIBS, Prentice Hall, Copyright 1997, p. 36.

Information on Denial of Service Attacks and Vulnerabilities -- Source: Computer Emergency Response Team, www.cert.org/tech_tips/denial_of_service.html