MIB… its not Will Smith i m talkin abt…

I was true to think that the first thing that will pop-up in ur security cum sci-fi brains would be high funda, flashy, out of the box scenes from Smith’s movie (Men In Black), but hey guys, hold on to ur horsy brains, its Management Information Base, n yes its not directly related to IS. But says who that security is all abt security devices n not abt the devices that we secure through our best practices.

So coming back to the purpose for why i m posting this post, MIB AKA Management Information Base…. 

To start with MIB comes into our focus when we use SNMP to monitor(or manage) the devices in a network(using an application that listens to the traps on the basis of a common community string).

The MIB is a data structure(a small file, whose size depends on the objects it support) that describes SNMP network elements as a list of data objects. As said, It comprises a collection of objects in a (virtual) database used to manage entities in a network. Objects in the MIB are defined using a subset of Abstract Syntax Notation One (ASN.1) called “Structure of Management Information Version 2 (SMIv2)”. The software that performs the parsing for these subsets is known as MIB compiler. The database is hierarchical (tree-structured) in nature and entries are addressed through object identifiers.

SNMP uses a specified set of commands and queries. An MIB should contain information of these commands and of the target objects (controllable entities / potential sources of status information) with a view to tuning the network transport to the current needs.

A couple of things one should know about when you talk about MIB are: MIB Browser and MIB Modules

MIB Browser : An  MIB Browser is a tool that allows you to pull out data form SNMP enabled devices. In additions to pulling out data, an MIB Browser may also perform the following functions:

  • Allows you to make it smarter by compiling in more MIB definitions
  • Set MIB variables, create, modify or delete conceptual table rows
  • Basic alarm ( trap ) management
  • View the text file in a graphical manner usually featuring a MIB tree
  • Retrieve and display MIB data in a human readable form
A MIB Browser can be as simple as a text based and as sophisticated that uses a spreadsheet like view. In some cases the command line may actually be a better choice, such as when you are feeding the data to some other tool or when you are running in very resource constrained hardware. You would find snmpwalk to be the simplest text based MIB browser which talks to the agent and dumps the MIB data in a easy to understand text console. Talking about a sophisticated one, you can always land your hands on likes of Unbrowse SNMP. These kinda browsers present MIB data in a spreadsheet like interface. These products combine the raw MIB data along with the knowledge of MIB definitions to present conceptual SNMP rows as real spreadsheet rows. These tools also allow you to add rows, delete rows, or modify cells. You can then commit all your changes in a single button click.
MIB Module : An MIB Module is just a file that contains definitions of related MIB objects. The IF-MIB module for example defines the ifxTable, ifStack table and 50 other objects( these modules are defined by experts in that area(for specific products) and are distributed in a plain text file). The file itself is quite hard to read and comprehend. The MIB Browser comes to the rescue here. It can understand the file either natively or by compiling it into an intermediate format. It can then show the MIB in a graphical format that is easier to comprehend and navigate.
A Stitch In Time, Saves Nine

While working with SNMP, one of the key considerations is whether the MIB Browser has sufficient knowledge of the MIBs. The unit of definition of a MIB is a module. To effectively manage a particular agent, you must tell the MIB browser about as many objects implemented by the agent as possible. This means loading the MIB Browser with as many enterprise (private) MIBs as you can lay your hands on to get the maximum of information.

A single MIB module defines a related group of SNMP objects. An agent(like router) can choose not to implement a module at all or to implement only a subset of objects from a module. An agent typically implements objects from a large number of modules.  Within each module it may not support all objects.

Now the question that comes is How to find out what modules are implemented by the agent. Well the answer doesn’t refer to any particle physics journal ;) . There are several options, as:

1. Just ask your router vendor for a list of modules implemented by model XXX. Some vendors like Cisco and Juniper make it easy by publishing this information on their websites. Most will tell you the names of modules and may even provide you with MIB files you can compile yourself !!!

2. Use a discovery tool to check the sysORTable. The sysORTable is basically a set of pointers to agent  capabilities (or) to modules implemented. Some tools allow you to check the sysORTable via a tool.  Note that this method may not work in many agents or may be inaccurate due to faulty implementations. In those cases, you can use a brute force method  - which is the most accurate.

3. Use a brute force discovery tool. The idea is to dump the entire MIB database and then check each OID for a match against the MIB browsers knowledge base of MIBs. Any unresolved OIDs can be dumped to the screen. You can then hunt for these unknown OIDs in an online MIB database such as www.mibdepot.com 

Cupid’s Corner

I could not publically call it as stupid corner(no offence, coz cupid makes u do stupid things most of the time) hence….. anyways, incase you didn’t got through the idea or term ” loading MIB”, then relate it to this scenario >>> The MIB browser is only as smart as the number of MIB definitions it knows. If you have not “told” the MIB Browser about a particular group of objects, the MIB browser is ignorant of that object. Loading MIBs refers to the process of telling a MIB Browser to read in some information from selected modules which are about to be used. It is like saying, “Get ready, I am going to be using these modules X,Y,Z anytime now”.

Coming back to the base of earthlings, the commonly used devices(network/security) implement thousands of objects from several dozen modules & i would not ignore the possibility that most of them are not even publically documeted !!! hence at the end of every day, it is always gud to realize that ” we never get the perfect world”.

 

Similar Posts you might be interested in:

    None Found

Be Sociable, Share!

categories Network Security | | September 24, 2008

categories ,

2 Responses to “MIB… its not Will Smith i m talkin abt…”

  1. w0lf says:
    September 24, 2008 at 1:31 am

    Bro that was very interesting stuff to read and also a bit difficult one to gulp in. But somehow my little brain managed to catch it.:)

  2. Ne0 says:
    September 24, 2008 at 2:52 am

    My views are inline with w0lf ! Though I agree this was a nice read….

Leave a Reply