08 September 2008 | 5,816 views

onesixtyone 0.3.2 – An Efficient SNMP Scanner

Check Your Web Security with Acunetix

The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers don’t respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. This means that ‘no response’ from the probed IP address can mean either of the following:

  • machine unreachable
  • SNMP server not running
  • invalid community string
  • the response datagram has not yet arrived

The approach taken by most SNMP scanners is to send the request, wait for n seconds and assume that the community string is invalid. If only 1 of every hundred scanned IP addresses responds to the SNMP request, the scanner will spend 99*n seconds waiting for replies that will never come.

This makes traditional SNMP scanners very inefficient.

onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them, in a fashion similar to Nmap ping sweeps. By default onesixtyone waits for 10 milliseconds between sending packets, which is adequate for 100Mbs switched networks. The user can adjust this value via the -w command line option. If set to 0, the scanner will send packets as fast as the kernel would accept them, which may lead to packet drop.

Running onesixtyone on a class B network (switched 100Mbs with 1Gbs backbone) with -w 10 gives us a performance of 3 seconds per class C, with no dropped packets. All 65536 IP addresses were scanned in less than 13 minutes.

You can download onesixtyone here:

onesixtyone-0.3.2.tar.gz

Or read more here.



Recent in Hacking Tools:
- masscan – The Fastest TCP Port Scanner
- drozer – The Leading Security Testing Framework For Android
- tinfoleak – Get Detailed Info About Any Twitter User

Related Posts:
- The Kcpentrix Project – Penetration Testing Toolkit LiveDVD
- X-Scan by XFocus – Basic Free Network Vulnerability Scanner
- GFI EventsManager – Event Monitoring, Archiving & Management

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,869,684 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,060,172 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 624,907 views

Low-cost VPS Hosting

3 Responses to “onesixtyone 0.3.2 – An Efficient SNMP Scanner”

  1. John Preston 8 September 2008 at 4:34 pm Permalink

    I wrote an article about Cisco SNMP insecurities a while ago. This could be a very useful tool.

    http://www.johnlpreston.co.uk/default-cisco-snmp-secure

  2. Pantagruel 8 September 2008 at 7:11 pm Permalink

    Looks nice.

    MMM compile gives a:
    onesixtyone.c:336: warning: conflicting types for built-in function

  3. Mark 16 September 2008 at 7:13 am Permalink

    There’s a slighly modified version at:
    http://labs.portcullis.co.uk/application/onesixtyone/

    It contains a few bugfixes:
    * Very large dictionary files supported
    * Enhanced error messages
    * -w option works correctly to slow down / speed up scans