b'@online{Albakour2109.15095,'b"\nTITLE = {Third Time's Not a Charm: Exploiting {SNMPv3} for Router Fingerprinting},\nAUTHOR = {Albakour, Taha and Gasser, Oliver and Beverly, Robert and Smaragdakis, Georgios},\nLANGUAGE = {eng},\nURL = {https://arxiv.org/abs/2109.15095},\nEPRINT = {2109.15095},\nEPRINTTYPE = {arXiv},\nYEAR = {2021},\nMARGINALMARK = {$\\bullet$},\nABSTRACT = {In this paper, we show that adoption of the SNMPv3 network management
protocol standard offers a unique -- but likely unintended -- opportunity for
remotely fingerprinting network infrastructure in the wild. Specifically, by
sending unsolicited and unauthenticated SNMPv3 requests, we obtain detailed
information about the configuration and status of network devices including
vendor, uptime, and the number of restarts. More importantly, the reply
contains a persistent and strong identifier that allows for lightweight
Internet-scale alias resolution and dual-stack association. By launching active
Internet-wide SNMPv3 scan campaigns, we show that our technique can fingerprint
more than 4.6 million devices of which around 350k are network routers. Not
only is our technique lightweight and accurate, it is complementary to existing
alias resolution, dual-stack inference, and device fingerprinting approaches.
Our analysis not only provides fresh insights into the router deployment
strategies of network operators worldwide, but also highlights potential
vulnerabilities of SNMPv3 as currently deployed.
},\n}\n"