The following lines were added (+) and removed (-):
=== Security Risks of SNMP and Exploitation ===SNMP is vulnerable because it is often automatically installed on many network devices with "public" as the read string and "private" as the write string. This would mean that systems might be installed on a network without any knowledge that SNMP is functioning and using these default keys.This default installation of SNMP provides an attacker with the means to perform reconnaissance on a system, and, an exploit that can be used to create a denial of service. SNMP MIBs provide information such as the system name, location, contacts, and sometimes even phone numbers. This soft intelligence can be very useful in social engineering. An attacker could call an organization and use the system contact and system name to gain a password from an unsuspecting user. The telephone number for the system contact could be used to provide a dialing prefix that the attacker could use for war dialing.SNMP information also provides a great deal of hard intelligence about the system. One MIB provides the system description that reveals the operating system that the host is using. This can be matched against known exploits that would allow the attacker to gain further access into the SNMP host. SNMP data also provides interface descriptions, types, and other interface configuration information. This interface information can be gathered from more that one system to allow an attacker to piece together a network map of an organization showing how systems are interconnected. Some MIBs are writeable allowing the attacker to change the system configuration creating a denial of service opportunity. One such MIB is "ifAdminStatus". "IfAdminStatus" is set to "1" when the interface is operational and to "2" when it is down. An attacker could set "ifAdminStatus" to "2" using the SNMP set PDU which could disconnect the host from the network creating a denial service.