SNMPv3 Discovery

被撕碎了的回忆 2021-01-17 00:53

I have used SNMP v1 and 2c for network discovery of printers by sending a broadcast message with community "public" and it works just fine, but when I send broadcast message

1 Answer
  •  野趣味 (original poster)
    2021-01-17 01:14

    Two things:

    1) Doing a broadcast SNMPv1/v2c is actually not defined to work in the protocol. Cheap implementations will simply respond, as you've found, to any packet they see that the kernel accepts to the port and not check the address. However, you'll also find some implementations that will not respond to broadcast packets. So that's actually not a surefire discovery mechanism in the first place. (Let alone, many vendors finally got smart and don't have public be the default community name.)

    2) SNMPv3, on the other hand, is even less likely to work because of how engineID discovery happens within the SNMPv3 protocol. SNMPv3 won't respond with a normal response PDU anyway, as it should respond with a REPORT PDU saying "this is my engineID" and you'd have to respond back with that engineID and the proper USM credentials to access the device.

    In short, SNMPv3 was designed for security and there isn't a "public" equivalent any longer. You'd need to know how to access the device and can't just "guess".

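The engineID discovery step described in the answer above, as an added example that is not part of the original post: it builds a plaintext SNMPv3 probe with an empty engineID and a constructed agent reply, then decodes both to show that the reply is a REPORT PDU carrying only the agent's engineID. The helper names (`tlv`, `v3_message`, `summarize`) and all message values are assumptions made for this sketch.

```python
# Added example: SNMPv3 engineID discovery (RFC 3414 section 4). Hypothetical helpers, constructed data.
def tlv(tag, body=b""):
    assert len(body) < 128          # short-form BER length is enough here
    return bytes([tag, len(body)]) + body

def integer(n):                      # non-negative INTEGER
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def read(buf, pos=0):
    """Decode one BER TLV; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf): raise ValueError("truncated")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    out, pos = [], 0
    while pos < len(buf):
        tag, val, pos = read(buf, pos)
        out.append((tag, val))
    return out

def v3_message(msg_id, flags, engine_id, pdu_tag, varbinds=b""):
    usm = tlv(0x30, tlv(0x04, engine_id) + integer(0) + integer(0)
              + tlv(0x04) + tlv(0x04) + tlv(0x04))   # empty user, no auth/priv
    header = tlv(0x30, integer(msg_id) + integer(65507) + tlv(0x04, bytes([flags])) + integer(3))
    pdu = tlv(pdu_tag, integer(msg_id) + integer(0) + integer(0) + tlv(0x30, varbinds))
    scoped = tlv(0x30, tlv(0x04, engine_id) + tlv(0x04) + pdu)
    return tlv(0x30, integer(3) + header + tlv(0x04, usm) + scoped)

PDU_NAMES = {0xA0: "get-request", 0xA2: "response", 0xA8: "report"}

def summarize(datagram):
    """Return (pdu_type, msgAuthoritativeEngineID hex) of a plaintext v3 message."""
    tag, body, _ = read(datagram)
    version, header, secparams, scoped = children(body)
    if version[1] != b"\x03": raise ValueError("not SNMPv3")
    engine_id = children(children(secparams[1])[0][1])[0][1]
    pdu_tag = children(scoped[1])[2][0]
    return PDU_NAMES.get(pdu_tag, hex(pdu_tag)), engine_id.hex()

# Manager's discovery probe: empty engineID, reportable flag (0x04), noAuthNoPriv.
PROBE = v3_message(1, 0x04, b"", 0xA0)
# Constructed agent reply: REPORT carrying usmStatsUnknownEngineIDs.0 (Counter32 = 1).
ENGINE = bytes.fromhex("8000000001c000020a")   # constructed engineID (IPv4 form, 192.0.2.10)
UNKNOWN_ENGINE_IDS = tlv(0x30, tlv(0x06, bytes.fromhex("2b060106030f01010400")) + tlv(0x41, b"\x01"))
REPORT = v3_message(1, 0x00, ENGINE, 0xA8, UNKNOWN_ENGINE_IDS)
```

`summarize(REPORT)` yields the PDU type `report` and the engineID, and no MIB data: reading anything further requires a second request that carries that engineID and valid USM credentials.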