- About
-
The Global ETD Search service is a free service for researchers
to find electronic theses and dissertations. This service is
provided by the
Networked Digital Library of Theses and Dissertations.
Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
Search results
Showing 1 to 1 of 1 (0.026 seconds)Spelling suggestions: "subject:"ruth"" "subject:"muth""
| 1 |
Vulnerabilities in SNMPv3Lawrence, Nigel Rhea 10 July 2012 (has links)
Network monitoring is a necessity for both reducing downtime and ensuring
rapid response in the case of software or hardware failure. Unfortunately, one of the
most widely used protocols for monitoring networks, the Simple Network Management
Protocol (SNMPv3), does not offer an acceptable level of confidentiality or integrity
for these services. In this paper, we demonstrate two attacks against the most current
and secure version of the protocol with authentication and encryption enabled. In
particular, we demonstrate that under reasonable conditions, we can read encrypted
requests and forge messages between the network monitor and the hosts it observes.
Such attacks are made possible by an insecure discovery mechanism, which allows
an adversary capable of compromising a single network host to set the keys used by
the security functions. Our attacks show that SNMPv3 places too much trust on the
underlying network, and that this misplaced trust introduces vulnerabilities that can
be exploited.
|
Page generated in 0.0352 seconds