Discovery - Can you over-ride the SNMP version?

Paul Santaniell · ‎05-06-2022

Please see discovery status for DIS0031657. The device is responding indicating that SNMP v3 is open. However, the device owner would like us to use SNMP v2 to access the device?

I believe that Servicenow is not trying v2 due to the response of the device. Can this be over-ridden so that Servicenow tries v2 despite port scan showing v3 is open.?

Jam2 · ‎08-15-2024

Initially, we assumed that network devices marked as unreachable immediately after discovery were genuine failures.However, recent investigations revealed a different pattern. Many of these devices were incorrectly flagged due to SNMPv1 attempts being blocked by our firewall. Surprisingly, even when a successful SNMPv2 scan was initially performed, subsequent scans still attempted SNMPv1. To address this issue, we're considering disabling SNMPv1 altogether.

DaveHertel · ‎08-16-2024

I'm sure you already know v1 and v2 are considered insecure. SNMP v3 has much, much more built capabilities to enhance security. All IT sec-ops/infosec people I've worked with strongly avoid whenever possible the old v1/v2 stuff. If your target devices support v3 that's certainly a better solution. Deploying SN Discovery (or similar products) products often bring out these weaknesses in IT infrastructure, and then prompt IT teams to assess/update security issues like this...

Jam2 · ‎08-18-2024

That’s correct. I was just verifying before we fully transition to SNMPv3. Thanks for your response.