New Year: SNMP default community quantity dynamics

In summer 2016 I published a brief analysis, by country, of IPv4 addresses with the default SNMP community (sources of SNMP amplification DDoS attacks) ( Russian article ). The year is new, but the security holes are old.


The New Year SNMP report from Shodan, compared with the June one, shows the following dynamics in the integral TOP-10:


| Country | 2016 | 2017 | Fixed, % |
|---|---|---|---|
| Brazil | 1430670 | 1041122 | 27,23 |
| USA | 326735 | 240677 | 26,34 |
| India | 307155 | 210282 | 31,54 |
| Korea | 170979 | 173178 | -1,29 |
| China | 121235 | 92019 | 24,10 |
| Thailand | 120263 | 61077 | 49,21 |
| Colombia | 104903 | 59178 | 43,59 |
| Italy | 87020 | 78970 | 9,25 |
| Turkey | 80880 | 50824 | 37,16 |
| Iran | 79506 | 57866 | 27,22 |

Countries with a positive percentage reduced the number of devices with default SNMP settings; countries with a negative percentage increased it.

In general, the number of IPv4 addresses with the default SNMP community is lower than it was half a year ago. For the whole world, in the same columns as the previous table:

| | 2016 | 2017 | Fixed, % |
|---|---|---|---|
| TOTAL | 3748045 | 2821398 | 24,72 |

The differential TOP-10 for SNMP public/private, derived from the integral one, looks like this as a chart:


And as a table:


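| # | Country | Fixed, % |
|---|---|---|
| 1 | Thailand | 49,21 |
| 2 | Colombia | 43,59 |
| 3 | Turkey | 37,16 |
| 4 | India | 31,54 |
| 5 | Brazil | 27,23 |
| 6 | Iran | 27,22 |
| 7 | USA | 26,34 |
| 8 | China | 24,10 |
| 9 | Italy | 9,25 |
| 10 | Korea | -1,29 |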

So it is clear that the IPv4 space now contains 23,4% fewer devices with default-configured SNMP settings (DDoS attack sources).
Possible reasons for this dynamic are:
  • Default SNMP settings were changed
  • The SNMP service was disabled as unused
  • Hosting and Internet providers blocked some of the malicious traffic sources
  • Upgraded software disables SNMP by default
  • Shodan lost track of vulnerable servers
  • Your version
I hope the new year will help us fix the old bugs of default SNMP community usage.
A short HOWTO on fixing a holey SNMP is described here (Russian). An English version is coming soon.
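
As an added example (not from this post or the linked HOWTO), here is one way to check a Net-SNMP `snmpd.conf` for the default public/private communities counted above. It assumes Net-SNMP's `rocommunity`/`rwcommunity`/`com2sec` directive syntax; the function name and the sample config are constructed for illustration.

```python
import shlex

# Default community strings the post counts (SNMP public/private).
DEFAULT_COMMUNITIES = {"public", "private"}
# Net-SNMP v1/v2c access directives: DIRECTIVE COMMUNITY [SOURCE ...]
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}  # source values meaning "any host"

# Constructed sample config for illustration, not taken from a real device.
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rwcommunity private 192.0.2.0/24
rocommunity N0t-Default 198.51.100.10
com2sec readonly default public
rocommunity6 m0nitor
"""

def audit_snmpd_conf(text):
    """Return (line_no, directive, community, issues) for each risky line."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        tokens = shlex.split(raw, comments=True)  # strips '#' comments
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES and args:
            community = args[0]
            source = args[1] if len(args) > 1 else "default"  # omitted = any host
        elif directive == "com2sec":
            if args[:1] == ["-Cn"]:  # optional "-Cn CONTEXT" prefix
                args = args[2:]
            if len(args) < 3:
                continue
            source, community = args[1], args[2]  # SECNAME SOURCE COMMUNITY
        else:
            continue
        issues = []
        if community in DEFAULT_COMMUNITIES:
            issues.append("default community")
        if source.lower() in ANY_SOURCE:
            issues.append("no source restriction")
        if issues and directive.startswith("rw"):
            issues.append("write access")
        if issues:
            findings.append((line_no, directive, community, issues))
    return findings

if __name__ == "__main__":
    print(*audit_snmpd_conf(SAMPLE_CONF), sep="\n")
```

A line with a non-default community restricted to a specific management address produces no finding; everything else is reported with its line number.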


Андрей Дугин

Практическая информационная безопасность и защита информации | Information Security and Cyber Defense in Deed