What are the limitations of SNMP v1
1 Answer

  • SNMP has issues with SNMP request handling and with SNMP trap handling in both agents and managers.

  • In essence, the advisory said what everybody everywhere all ready knew: that SNMPv1 is insecure and its use can expose system to exploitation.

  • It further found specific vulnerabilities for a limited set of SNMP agents that could lead to DOS attacks, buffer under run exploits, and other nastiness.

  • The source of these was found to be in the vendor-specific functions written to parse ASN.1 formatted MIB definitions, but fortunately not in ASN.1 itself.

  • These vulnerabilities were immediately addressed by most vendors and by HP through patches to NNM 6.2 and other HP products.

  • SNMP PDU size limitations: This is a concern when using data collections. When there are many collections configured, there may be excessive fragmentations attributable to NNM SNMP operations. An implementation of this [SNMP] protocol need not accept messages.

  • SNMP may not be suitable for the management of truly large networks because of the performance limitations of polling.

  • SNMP is not well suited for retrieving large volumes of data, such as an entire routing table.

  • SNMP traps are unacknowledged & may not be delivered.

  • SNMP provides only trivial authentication i.e. it is suitable for monitoring rather than control.

  • SNMP does not support explicit actions i.e., an action is taken by changing a parameter or setting an object value (indirectly).

  • SNMP does not support manager-to-manager communications.

    • Limited errors codes

    • Limited notifications

    • Limited performance

    • Transport dependence

    • Lack of hierarchies

    • Lack of security

Please log in to add an answer.