SNMP Version Comparison

The following table compares the three main versions of the SNMP protocol (v1, v2, and v3). SNMP v2 has a number of versions and extensions, the most popular being SNMP v2c and SNMP v2u. This comparison uses SNMP v2c and refers to it generically as SNMP v2.

| Property | SNMP v1 | SNMP v2 | SNMP v3 |
|---|---|---|---|
| Release Date | 1988 | 1993 | 1998 |
| Deprecated | Yes | Yes | No |
| Community Strings ¹ | Yes | Yes | Yes |
| 64-bit Data Structures | No ² | Yes | Yes |
| Detection of Malformed Packets | No | Yes | Yes |
| Transport Protocol | UDP | UDP | UDP, TCP, SNMP over TLS |
| Cryptographic Security | No | No | Yes ³ |
| Default Password | Yes | Yes | No |
| Data Encryption | No ⁴ | Yes (DES, SHA, MD5, AES) | Yes (DES, SHA, MD5, AES) |
| Security Model | Community String | Community String | User |
| Vulnerable to Sniffing | Yes | Yes | Yes |
| Vulnerable to Masquerading | Yes | Yes | No |
| Vulnerable to Brute Force | Yes | Yes | No |
| Vulnerable to Injection | Yes | No | No |
| Vulnerable to Replay Attacks | Yes | No | No |

1 Community strings establish an identification for the network to be monitored by SNMP. That identification establishes the perimeter for your SNMP network. However, it does not provide the means to authenticate the requests and responses, exposing SNMP v1 to a number of attacks.

2 SNMP v1 uses 32-bit data structures. Metrics that grow exponentially, like the data transfer of network cards, can easily exceed what a 32-bit data structure can hold.

3 Cryptographic security was added only in SNMP v3; earlier versions are vulnerable to a number of attacks, including Man In The Middle (MITM) attacks and hash collisions if Message-Digest 5 (MD5) is used.

4 Communication between the agent and the NMS in SNMP v1 is done in plain text, allowing plain text passwords to be captured.
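
Footnotes 1 and 4 in practice, as an added example that is not part of the original page: in an SNMP v1 or v2c message the community string is a BER OCTET STRING directly after the version INTEGER, so a monitoring sensor can read it from any captured packet and flag deprecated versions and default communities. The function names, the `n0c-ro` community and the sample packets are constructed for illustration.

```python
VERSIONS = {0: "v1", 1: "v2c", 3: "v3"}        # msgVersion values on the wire
DEFAULT_COMMUNITIES = {b"public", b"private"}  # widely used defaults

def read_tlv(buf, pos):
    """Decode one BER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                          # long form: next n bytes hold the length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("length exceeds packet")
    return tag, buf[pos:pos + length], pos + length

def inspect(packet):
    """Return (version, community, finding) for one SNMP UDP payload."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message (no outer SEQUENCE)")
    tag, ver, pos = read_tlv(body, 0)
    if tag != 0x02:
        raise ValueError("missing version INTEGER")
    version = VERSIONS.get(int.from_bytes(ver, "big"), "unknown")
    tag, value, _ = read_tlv(body, pos)
    if version in ("v1", "v2c") and tag == 0x04:   # OCTET STRING = community
        community = value.decode(errors="replace")
        if value in DEFAULT_COMMUNITIES:
            return version, community, "default community sent in clear text"
        return version, community, "community sent in clear text"
    return version, None, "no community field at this position"

def tlv(tag, value):  # short-form encoder, used only to build the samples
    return bytes([tag, len(value)]) + value

# Constructed samples; the PDU (tag 0xA0) is left empty because only the
# message header matters here. The v3 sample carries a header SEQUENCE instead.
SAMPLES = [
    tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + tlv(0xA0, b"")),
    tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, b"n0c-ro") + tlv(0xA0, b"")),
    tlv(0x30, tlv(0x02, b"\x03") + tlv(0x30, b"")),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(inspect(pkt))
```

Run `inspect` over the UDP port 161 payloads from your own packet capture to inventory agents and managers that still speak v1 or v2c.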

For an introduction to SNMP, refer to SNMP Overview.