Open SNMP Report

LAST UPDATED: 2022-08-29

This report identifies hosts with SNMPv2 publicly accessible, that are responding to the community “public”, and that have the potential to be used in amplification attacks by criminals who wish to perform denial of service attacks.

The OID being probed for is 1.3.6.1.2.1.1.1.0 (sysDescr) and if the host responds to that probe, the host is then probed for OID 1.3.6.1.2.1.1.5.0 (sysName). The analogous shell commands would be:

snmpget -c public -v 2c [ip] 1.3.6.1.2.1.1.1.0

snmpget -c public -v 2c [ip] 1.3.6.1.2.1.1.5.0

For more details behind the scan methodology and a daily update of global SNMP scan statistics please visit our dedicated SNMP scan page.

You can learn more on the report in our Open SNMP Report tutorial.

You can learn more on our reports in general in our Overview of Free Public Benefit Shadowserver Reports presentation, which also explains example Use Cases.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename: scan_snmp

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the DNS response came on (usually UDP)
  • port
    Port that the SNMP response came from
  • hostname
    Reverse DNS name of the device in question
  • sysdesc
    System Description as obtained from OID 1.3.6.1.2.1.1.1
  • sysname
    System Name as obtained from OID 1.3.6.1.2.1.1.5
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • version
    The SNMP probe version that the IP responded to (usually 2)
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • sector
    Sector to which the IP belongs to
  • device_vendor
    Device vendor
  • device_type
    Device type
  • device_model
    Device model
  • device_version
    Device version
  • device_sector
    Device sector (that the device belongs to, like consumer or enterprise)
  • tag
    Set to snmp
  • community
    SNMP community name
  • response_size
    Response size in bytes
  • amplification
    Amplification factor (This amplification is is based solely on the payload size sent and payload size received)

Sample

"timestamp","ip","protocol","port","hostname","sysdesc","sysname","asn","geo","region","city","version","naics","sic","sector","device_vendor","device_type","device_model","device_version","device_sector","tag","community","response_size","amplification"
"2010-02-10 00:00:00",192.168.0.1,udp,161,node01.example.com,"RouterOS RB SXT 5nD r2",,64512,ZZ,Region,City,2,0,0,"Professional, Scientific, and Technical Services",MikroTik,router,,,consumer,"snmp,iot",public,111,1.31
"2010-02-10 00:00:01",192.168.0.2,udp,161,node02.example.com,,,64512,ZZ,Region,City,2,0,0,Government,,,,,,snmp,public,85,1.00
"2010-02-10 00:00:02",192.168.0.3,udp,161,node03.example.com,"10/100 4-Port VPN Router",,64512,ZZ,Region,City,2,0,0,,,,,,,snmp,public,121,1.42

Our 129 Report Types

« Back to Network Reporting