Simple Network Management Pwnd

DerbyCon 4.0 - Family Rootz

Presented by: Deral Heiland (PercX), Matt Kienow
Date: Sunday September 28, 2014
Time: 16:00 - 16:50
Location: Track 2

As a large number of embedded devices are deployed throughout home and industry worldwide. We find little or no effort being made to properly secure SNMP services, as a result potentially millions of these devices expose access to their SNMP services over the Internet. This creates a silent killer. Users are unaware as attackers can easily leverage these services to extract critical data and potentially alter security features leading to further compromise. During this presentation we will deliver an in depth examination of the SNMP protocol and associated device MIB security issues. Covering such topics as SNMP protocols, MIBs structures, Information extraction methodologies. Leveraging live demonstrations we will also show several examples of critical data leakage, and walk the audience through methods for extracting data and performing comparative analysis for the purpose of discovering critical information stored in SNMP private MIBs.

Deral Heiland

Matt Kienow


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats