How to disable SNMP on Apple Airport routers

According to the following Technical Alert we should be wary of allowing SNMP on routers. It's vulnerable. If we are not using this, can we disable it on Apple routers? I see no way of doing it since the functionality was lost in newer versions of Airport Utility.


On my Airport Extreme the port is not open, but on my Airport Express it is open. I don't have "Allow setup over WAN" or "Back to my Mac" enabled on any of these devices. I do have Airplay open on the Airport Express. Are there any other options that would cause port 161 to be open on an Apple router?


TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

iMac, macOS High Sierra (10.13.4)

Posted on Apr 17, 2018 12:10 PM

Question marked as Best reply

Posted on Apr 17, 2018 1:51 PM

As you say the functionality was removed from Apple routers. That is Extreme and Time Capsule in AC version.

I was not sure if the latest express was also affected but if the port is open it could be available.

There is no need to turn it off though, unless you are using the Express as your main router. The Russians cannot access your Express if it is behind a NAT, i.e. you are using it for AirPlay or to extend wireless in your network.


You can turn off SNMP in the Express if it really bothers you. However you will need to use a 5.6 version utility.

This is where Apple's continual removal of functionality is a pain. You need an older version of Mac OS or a Windows computer (Boot Camp) to access the old utility. The easiest is to use Windows.. download the old Windows version 5.6.1 and install it.. it will still install in Win8 or Win10.

There are ways and means of installing it in later Mac OS.. but I am not allowed to post.. Just google install 5.6 airport utility.



Turning it on or off by editing the configuration file should also be possible. I just checked and unfortunately the key is not obvious so it will take me a bit more time to discover which one it is.

Apr 17, 2018 2:06 PM in response to johnnyjackhammer

In addition to LaPastenague's comments, you can determine if SNMP is enabled/disabled on any of your routers by using the following simple Terminal command:

  • snmpwalk -Os -c <community string> -v <SNMP version> <IP address of the router>
  • For example if your router's IP address is: 192.168.1.1, then enter the following command: snmpwalk -Os -c <community string> -v <SNMP version> 192.168.1.1
  • A response of: Timeout: No response from 192.168.1.1, would indicate that the SNMP protocol is either disabled or not available on the router.
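
An added example, not part of the original thread or of the reply above: a small shell wrapper around net-snmp's `snmpget` that probes each of your own base stations with an explicit SNMP version and community string. The `public` community, the second host address in the usage line and the function names are assumptions; a timeout cannot distinguish a disabled agent from a wrong community string, so pass the one your device is configured with.

```shell
#!/bin/sh
# Added example (not from the thread): check which of your own routers answer SNMP.
# Assumes net-snmp's snmpget is installed. "public" is only the conventional
# default community string; pass the one your device is configured with.
SNMPGET="${SNMPGET:-snmpget}"      # overridable so the logic can run without a router
SYSDESCR_OID="1.3.6.1.2.1.1.1.0"   # sysDescr.0

# probe_snmp HOST [COMMUNITY]
# Prints "HOST enabled vN <sysDescr>" and returns 0 if an agent answers,
# otherwise prints "HOST no-response" and returns 1. A disabled agent, a
# filtered port and a wrong community string all look the same: a timeout.
probe_snmp() {
    host=$1
    community=${2:-public}
    for ver in 1 2c; do
        if descr=$("$SNMPGET" -v "$ver" -c "$community" -t 2 -r 1 -Oqv \
                   "$host" "$SYSDESCR_OID" 2>/dev/null); then
            printf '%s enabled v%s %s\n' "$host" "$ver" "$descr"
            return 0
        fi
    done
    printf '%s no-response\n' "$host"
    return 1
}

# audit_hosts COMMUNITY HOST...
# Returns 0 when no host answered, 1 when at least one did, 2 if snmpget is missing.
audit_hosts() {
    command -v "$SNMPGET" >/dev/null 2>&1 || { echo "snmpget not found" >&2; return 2; }
    community=$1
    shift
    answered=0
    for h in "$@"; do
        if probe_snmp "$h" "$community"; then answered=1; fi
    done
    return "$answered"
}

# Usage: sh snmp_audit.sh public 192.168.1.1 192.168.1.2
if [ "$#" -ge 2 ]; then
    audit_hosts "$@"
fi
```

The non-zero exit status when any host answers makes the script usable as a periodic check that SNMP stays off.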

Apr 17, 2018 2:05 PM in response to LaPastenague

Thanks, "The Russians"……… LOL. I am using the Airport Extreme as my main router, guess I am safe unless someone already paid my network a visit and modified firmware. Everyone roll their eyes now…… I had some mysterious computer restarts for a few days last Fall. Upon restart there were no system notices of kernel panics in the logs or any other information on why my Mac rebooted on its own. I've read of EFI attacks, I know it's possible (but unlikely) on some systems from 2013 and earlier.

Apr 17, 2018 2:21 PM in response to Tesserax

Great, thank you!

Interestingly, I get no response from any of my Airport routers.

sudo snmpwalk -Os -c -v 192.168.1.1

Timeout: No Response from 192.168.1.1

Yet, when I look at the Airport Express routers using the Fing App I see SNMP information (only Bonjour information for the Airport Extreme)


SNMP Last update (todays date and time)

SNMP Name (router name)

SNMP Description Apple AirPort - Apple Inc., 2006 -2012. All Rights Reserved

SNMP Contact deafult_user@contact.domain

SNMP Location defaultlocation

SNMP Services End-to-End

Apr 17, 2018 2:37 PM in response to johnnyjackhammer

Creating a bogeyman to scare us into conformity has been a ploy used since we were 2 years old.. and continues to be a favourite of authorities of any stripe or description. "Matters of national security" covers a multitude of sins.

Somehow I doubt anyone is going to target you to capture your baby photos. They might like to extort ransom money from you.. but Apple is smart enough to stop that happening before it even starts. Although anything is possible the costs have to exceed the rewards. And since for every Mac user there are 9 sweet juicy windows users around you who know neither their left hand from their right.. mostly they offer you the best protection you could have.


Apple firmware is not invincible.. nothing is. I will poke my neck out and say that for now.. Apple router firmware is mighty solid. As long as you don't turn on setup over WAN or run with stupidly weak default passwords, gaining access over the internet is difficult. (Gaining access for people with local access is trivially easy to compensate I suppose.)


Going back to the topic.. even if SNMP is available it is not open to WAN. People would need to set up port mapping for remote access to gain that access since it is not open.. people from outside cannot do it. The latest weakness in routers is caused by cheap end Linux firmware which is used without understanding by cheap end hardware manufacturers. And then not patched when weaknesses are found.

As long as you buy decent quality stuff from manufacturers who have reputations to protect, you can be sure they will offer patches when weaknesses are discovered. Nobody can make it perfect.. due to the number of very brainy people who spend all their time discovering how to access these devices.

As long as you don't have too much on your computer of value (money wise or knowledge).. your network security is not something to keep you awake at night.
