Internet Security Systems


subid 1 system

The "system" group holds the basic information supported by all SNMP agents.

1.3.6.1.2.1.1.1 - sysDescr
Describes the software version of the system. SNMP scanners will first query this string in order to guess whether the target is something like a Windows NT server, a Cisco router, a Linux box, etc.
1.3.6.1.2.1.1.2 - sysObjectID
This points off into the private enterprises section to a specific product version. Unfortunately, vendors aren't too good at using this field correctly. It should give a better indication of the type of system, but usually ends up being worse than sysDescr.
1.3.6.1.2.1.1.3 - sysUpTime
This tells how long the system has been up and running. This is the most powerful of all SNMP MIB variables because of the way the SNMP Counter works. If you want to monitor the number of packets/second that a router is forwarding, then you must query the forward-count every second, along with sysUpTime, in order to compare the two values. This has the side effect that the sysUpTime variable is almost always visible to the outside world even when security restrictions hide access to every other value within the system.
1.3.6.1.2.1.1.4 - sysContact
This is rarely configured correctly. When you can read it from the system, however, it can be useful in social engineering attacks.
1.3.6.1.2.1.1.5 - sysName
SNMP sysName overflow
1.3.6.1.2.1.1.6 - sysLocation
In theory, this tells the physical location of the equipment. It is rarely accurate. However, when a hacker can get good information from it, then it can be used to locate the equipment for physical intrusion.
1.3.6.1.2.1.1.7 - sysServices
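
The rate calculation described under sysUpTime, as an added example that is not part of the original page: it derives a per-second rate from consecutive polls of a counter and sysUpTime, and discards a sample pair when sysUpTime shows the agent restarted. It assumes a 32-bit counter and sysUpTime in hundredths of a second; the function names and sample values are constructed for illustration.

```python
# Added example: per-second rate from paired polls of sysUpTime and a counter.
# Assumptions: the counter is 32 bits wide (wraps to 0 after 2**32 - 1) and
# sysUpTime is TimeTicks, i.e. hundredths of a second.
COUNTER32_MOD = 2 ** 32
TICKS_PER_SECOND = 100


def rate_per_second(prev, curr):
    """Return events/second between two polls, or None if they are not comparable.

    prev and curr are (sysUpTime_ticks, counter_value) tuples read from the
    same agent, each pair fetched together in one request.
    """
    up1, c1 = prev
    up2, c2 = curr
    if up2 <= up1:
        # sysUpTime did not advance: the agent restarted (counters were reset)
        # or the sample is a duplicate. A delta across that gap is meaningless.
        return None
    elapsed = (up2 - up1) / TICKS_PER_SECOND
    # Modular subtraction absorbs a single counter wrap between the two polls.
    delta = (c2 - c1) % COUNTER32_MOD
    return delta / elapsed


def rate_series(samples):
    """Rates for each consecutive pair of samples (None where not comparable)."""
    return [rate_per_second(a, b) for a, b in zip(samples, samples[1:])]


# Constructed sample polls: (sysUpTime in ticks, forward-count value).
SAMPLES = [
    (1000, 4294967000),
    (1100, 4294967200),  # 1.0 s later, +200
    (1350, 404),         # 2.5 s later (late poll), counter wrapped, +500
    (50, 10),            # sysUpTime went backwards: agent restarted
    (150, 310),          # 1.0 s later, +300
]

if __name__ == "__main__":
    for (uptime, _), rate in zip(SAMPLES[1:], rate_series(SAMPLES)):
        label = "discarded (restart)" if rate is None else f"{rate:.1f}/s"
        print(f"sysUpTime={uptime:>5} ticks  rate={label}")
```

Dividing by the sysUpTime difference rather than the poller's own clock is what keeps the late third poll at the correct rate.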

