The network management applications, operating on network management workstations, remotely control the various network components. The network components are defined as agents and keep information defining the configuration, performance, connection statistics, etc. available for use by the network manager. These data may represent strategic information for the organizations using this network and must not be pirated. Furthermore, with pirated authorizations, one can modify the network, which may have serious consequences for the validity of user data.
Network management protocols allow a designated network management station to collect the network information provided by the network agents operating on each managed network component. Some network management protocols, such as SNMP (Simple Network Management Protocol, RFC 1157 and RFC 1155), are “connection-less” between the network manager station and the network agents hosted by the managed network components. SNMP is based on a “client-server” model allowing any station of the network to act as a network manager (the client) and request network information from any network management agent acting as a server. This allows an ordinary station to intrude into the network management process. To counterbalance that lack of security, the protocol uses a password to protect access to the network management data stored on the network components by their SNMP agents. For instance, with SNMP V1 and V2, a specific secret ‘Community Name’ is associated with each managed TCP/IP network component; the network administrator assigns these Community Names when configuring the network agents from the network management station or from the network components themselves. In a secure network, to access network management information stored on a network component, one must know the secret Community Name associated with this component. When a specific name is not assigned when the network agents are defined, a default name such as ‘public’ is provided. In a secure network, one can also use the access-control mechanism by defining, on each network component, a list of IP addresses allowed to issue SNMP requests for the component. But even that access-control mechanism may not be available on some network components.
As a whole, the password security rules are usually well followed against piracy on the WAN (Wide Area Networks) outside of the campus network composed of bridged (or switched) and routed LANs (Local Area Networks), but they are not always followed inside the campus network itself; consequently, these networks are not protected against intrusion from an ordinary station inside the campus network, and there is a need for auditing such networks.
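The two controls described above (a non-default Community Name and a list of IP addresses allowed to issue requests) can be checked from the agent side by an administrator. The following is an added example, not part of the original text: it assumes agents configured with Net-SNMP style `snmpd.conf` directives (`rocommunity`, `rwcommunity`, `com2sec`), which the text does not name, and the function names and sample configuration are hypothetical.

```python
import ipaddress

# Community names treated as defaults. 'public' is the default the text names;
# 'private' is a commonly shipped read-write default (assumption, not from the text).
DEFAULT_NAMES = {"public", "private"}
DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}

def is_unrestricted(source):
    """True when the SOURCE field lets any station send requests."""
    if source is None or source == "default":
        return True
    try:
        return ipaddress.ip_network(source, strict=False).prefixlen == 0
    except ValueError:
        return False  # a hostname: restricted to that one host

def audit(conf_text):
    """Return (line_no, community, problem) findings for an snmpd.conf text."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, tokenize
        if not fields:
            continue
        if fields[0] in DIRECTIVES and len(fields) >= 2:
            community = fields[1]
            source = fields[2] if len(fields) > 2 else None
        elif fields[0] == "com2sec" and len(fields) >= 4:
            source, community = fields[-2], fields[-1]
        else:
            continue
        if community.lower() in DEFAULT_NAMES:
            findings.append((no, community, "default community name"))
        if is_unrestricted(source):
            findings.append((no, community, "no source address restriction"))
    return findings

# Constructed sample configuration, not taken from any real device.
SAMPLE = """\
# agent on a campus router
rocommunity public
rocommunity k7Qz-example 10.1.0.0/24
rwcommunity private 0.0.0.0/0
com2sec mgmt 10.1.0.5 n0c-example
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: community %r: %s" % finding)
```

Lines 2 and 4 of the constructed sample are reported for both problems; lines 3 and 5 pass because they pair a non-default name with a restricted source.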
European patent application EP455402 of Hewlett Packard Company, as well as U.S. Pat. No. 5,185,860, provide a way of automatically discovering all the nodes of a network by using the information stored by the SNMP agents of the network. This information is stored as variables in the MIBs (Management Information Base, RFC 1212 and 1213). Some MIBs are standard, others are private, depending on the device manufacturer. Relying on the architecture of networks formed of LANs, hubs and bridges merging subnetworks together, these patents provide a way to use the SNMP information to discover, from the corresponding SNMP network management station, secret community name(s), which are the SNMP security passwords, of all the components of the network hosting an SNMP agent.
There is a need for a tool, operating on an ordinary station of a network, able to detect whether the network information provided by the network components hosting an SNMP agent can be accessed by another ordinary station. In particular, this tool should apply to campus networks comprising not only bridged or switched LANs but also routed LANs. This tool also needs to run on a spy station, which must be an ordinary station and not the network management station; this means that the secret Community Names defined by the SNMP agents are not known.