logo
 
 
 
fb-icon   twi-icon   youtube   in-icon
 
 
  Product Information
  Datasheet  
  Download Demo  
  Operation  
  Benefits  
  Features  
  Supported IETF RFC's  
  System Requirements  
     
 
  Testimonials
  "We decided to switch because SimpleAgentPro enabled us to truly make most efficient use of our time for network simulations... Since we switched to SimpleSoft, we have abandoned the previous simulator entirely and only use SimpleAgentPro for all our NMS Simulations."  
  -Ricardo Vargas, Network Management Systems Operational Support Specialist
   Transaction Network Services
 
  More...  
 
Tester Demo: Syntax Testing
 
SimpleSleuth™ SNMP Vulnerability Probe
 
The Simple Network Management Protocol (SNMP) is extensively used in today's networks to provide configuration and monitoring for a wide variety of networked devices. Core Internet Gateways to small information appliances continue to use SNMP for their network management needs.  
SimpleSleuth, is an easy-to-use, Windows-based test tool that probes for vulnerabilities in SNMP implementations. Using this tool, you can:  
  • Check if the devices in your network are vulnerable to a "denial-of-service" attack using SNMP.
  • Check if a vendor's patch actually fixes previously known vulnerabilities and does not introduce new ones.
 
The CERT advisory, dated February 12, 2002(CA-2002-03), showed that products from a wide variety of vendors were susceptible to "denial-of-service" attacks, when these implementations were made to process invalid SNMP packets.  
   
More recently, on April 20, 2004, a Technical Cyber Security Alert - TA04-111B, was issued which indicated that Cisco routers and switches were vulnerable to a DOS attack when processing SNMP requests on trap/inform response ports.  
   
SimpleSleuth, with its associated test modules, sends thousands of invalid packets to the SNMP implementation under test and checks if the implementation is able to handle them without failure. Since the SNMP protocol uses the ASN.1 BER (Basic Encoding Rules) to encode SNMP packets, the invalid packets sent by SimpleSleuth typically fall into two categories:  
  • badly encoded packets
  • bad value packets that are correctly encoded.
 
This allows the different components within an SNMP implementation that decode packets and then process them, to be checked for vulnerabilities.  
   
SimpleSleuth provides an easy to use interface that simplifies vulnerability testing and enables users to specify the type of test packets to send and then pin-points the packet that caused the vulnerability. Its modular architecture maximizes ROI by allowing users to purchase only the needed test suite modules. Six test moudles are available:  
  • SNMPv1 Agent Test Module
  • SNMPv2c Agent Test Module
  • SNMPv3 Agent Test Module
  • SNMPv1 Manager Test Module
  • SNMPv2c Manager Test Module
  • SNMPv3 Manager Test Module
 
The SNMPv1 Agent Test Module includes more than 189,000 malformed SNMPv1 test packets that exercise the SNMPv1 GET, GETNEXT and SET operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets.  
   
The SNMPv2c Agent Test Module includes more than 272,000 malformed SNMPv2c test packets that exercise the SNMPv2c GET, GETNEXT, SET and GETBULK operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets.  
   
The SNMPv3 Agent Test Module includes more than 443,000 malformed SNMPv3 test packets that exercise the SNMPv3 GET, GETNEXT, SET and GETBULK operations. The test packets are dynamically created allowing the user control over the various values used in the packet. The test packets are made up of badly encoded and bad valued ASN.1 BER packets. SimpleSleuth supports SNMPv3 discovery to learn the corresponding engine ids and creates packets accordingly.  
   
The SNMPv1 Manager Test Module includes over 200,000 SNMPv1 TRAP and GET RESPONSE packets. Like the SNMPv1 Agent Module, it too sends badly encoded and bad values packets, but to a management application. The traps can be sent to any SNMP Trap/Event application, while the SNMPv1 RESPONSE packets require a SNMP Manager to initiate an SNMP query (like a discovery query).  
   
The SNMPv2c Manager Test Module includes over 451,000 SNMPv2c TRAP and GET RESPONSE packets. It also sends badly encoded and bad values packets, but to a SNMPv2c management application. The traps can be sent to any SNMP Trap/Event application, while the SNMPv2c RESPONSE packets require a SNMPv2c Manager to initiate an SNMP query (like a discovery query).  
   
The SNMPv3 Manager Test Module includes over 500,000 SNMPv3 Trap and Inform packets and over 500,000 GET RESPONSE and REPORT packets. It also sends badly encoded and bad values packets, but to a SNMPv3 management application. The traps and informs can be sent to any SNMP Trap/Event application, while the SNMPv3 RESPONSE and REPORT packets require a SNMPv3 Manager to initiate an SNMP query (like a discovery query).  
   
In addition to the user interface, the SimpleSleuth can also be run in an unattended mode by specifying the tests to be conducted in a command file.  
   
The Developer Version of SimpleSleuth allows complete control over the various values used in the construction of the packets, while the End-User Version uses fixed default values for some of the fields in the packet like community strings, snmp ports and MIB variable values.  
   
Operation
Only a few simple steps are required to test an SNMP implementation. They are:
  1. Configure the settings. Valid defaults are already set.
  2. Select the tests to be run or ALL.
  3. Specify the IP address of the device under test, and click on start.
Detailed results are stored in associated files that pin-point vulnerabilities.
 
Benefits
  • Improve security and reliability of both your network devices and your management applications.
  • Quickly check implementations for SNMP vulnerabilities to DoS attacks.
  • Verify if vendor's patches fix vulnerabilities and do not introduce new ones.
Features
  • Easy-to-use GUI allows you select different types of tests.
  • Test packets are dynamically created and configurable to match your environment.
  • Check agent vulnerabilities to malicious attacks by sending badly encoded and bad valued SNMP packets.
  • Tests can be configured to check agent status after each bad packet transmission.
  • Check management application vulnerabilities to malicious attacks and rogue agents by sending bad TRAPs and GET RESPONSES.
  • Supports both IPv4 and IPv6.
Supported IETF RFC's
SNMPv1
  • RFC 1157 - Simple Network Management Protocol
 
SNMPv2
 
SNMPv3
Hardware and Software Requirements
The SimpleSleuth requires the following:
  • IBM PC (or compatible). with network card.
  • 32M of RAM and 5M of disk space.
  • Microsoft Windows XP/2003/7/8/2008
SimpleTester provides SNMP protocol conformance checking functionality to complete the testing.
 
How is SimpleSleuth different from Protos Test Suite from Oulu University?
SimpleSleuth extends the paradigm from SNMPv1 to SNMPv2c and SNMPv3 and adds many more tests as well as an easy to use user interface. It also creates bad packets on the fly, unlike the use of canned packets by the Protos Test Suite, allowing you to create packets that are valid for your environment and your devices. In case of SNMP Manager testing, it adds a whole new set of tests to check against bad responses from rogue agents.
 
 
 
 
   
SimpleAgentPro SimpleTester SimpleSleuth
SimpleAgentEnterprise SimpleTesterPro  
SimpleCloudSimulator Test Suites  
SimpleAgent    
     
SimpleMIBEditor SimpleTester SimpleSnmpProxy
SimpleMIBEditorPro SimpleMIBBrowser SimpleMIBBrowser
SimpleSnmp Tcl SimpleAgent  
     
 
Support
FAQs
Training
Instructional Videos
Other Resources
Contact Support
 
Demo Software for Windows
Demo Software for Linux
Product Tours
White Papers
SNMP Tutorial
Upgrades
About Us
Company
Partners
Careers
Success Stories
  
 
News
Press Releases
Product Updates
Blog
 
Contact
Contact SimpleSoft
Request More Information
WebEx Meeting Center
 
Copyright © 2014 SimpleSoft, Inc. All rights reserved. Privacy