Georgia Institute of Technology
Network monitoring is a necessity for both reducing downtime and ensuring rapid response in the event of software or hardware failure. Unfortunately, one of the most widely used protocols for monitoring networks, the Simple Network Management Protocol version 3 (SNMPv3), does not offer an acceptable level of confidentiality or integrity for these services. In this paper, the authors demonstrate two attacks against the most current and secure version of the protocol with authentication and encryption enabled. In particular, they demonstrate that under reasonable conditions, they can read encrypted requests and forge messages between the network monitor and the hosts it observes.