SNMP can reveal possibly sensitive information about hosts

Risk Level: Low

Check or Attack Name: snmp

Platforms: SNMP

Description:

The SNMP service was detected as running. An attacker can use SNMP (Simple Network Management Protocol) to gain valuable information about the machine (such as information on network devices, current open connections, etc.) when the SNMP agent uses a default community name, such as public or private. If no community is specified, then the SNMP server responds to queries from any machine.

Remedy:

If you need SNMP for network management, make sure it is properly configured with private community names (not the defaults public or private). If SNMP is not required, disable the service:

Windows: To disable SNMP:

  1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
  2. From the Services list, select the SNMP service.
  3. Click Stop.

Unix: Disable SNMP if it is not needed. If SNMP is started from the rc script, comment it out as appropriate for your operating system.

As an example for disabling SNMP under Solaris 2.6, execute the following commands:

# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
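
Where SNMP must stay enabled, the community-name advice above can be checked against the agent's configuration file. The following is an added example, not part of the original advisory: it assumes a Net-SNMP style snmpd.conf (rocommunity, rwcommunity and com2sec directives), which the advisory does not name, and the function names, finding labels and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a Net-SNMP style snmpd.conf for the two conditions the
# advisory describes: default community names and agents that answer any host.
# Assumption: Net-SNMP directive syntax; other agents use different files.

# audit_snmp_conf [FILE...]   (reads stdin when no file is given)
# Prints findings as "LINE:LABEL:MESSAGE"; returns 1 if anything was flagged.
audit_snmp_conf() {
    awk '
    # Default community names called out in the Description.
    function is_default(c) { c = tolower(c); return (c == "public" || c == "private") }
    # No source, "default", or an all-addresses network means any host may query.
    function is_any(s) { return (s == "" || s == "default" || s == "0.0.0.0/0" || s == "::/0") }
    function check(comm, src, what) {
        if (is_default(comm)) { printf "%d:DEFAULT-COMMUNITY:%s uses \"%s\"\n", NR, what, comm; bad = 1 }
        if (is_any(src))      { printf "%d:ANY-SOURCE:%s answers queries from any host\n", NR, what; bad = 1 }
    }
    /^[ \t]*#/ || NF == 0 { next }                    # skip comments and blank lines
    # rocommunity/rwcommunity COMMUNITY [SOURCE [OID]]
    $1 ~ /^r[ow]community6?$/ { check($2, $3, $1); next }
    # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
    $1 ~ /^com2sec6?$/ {
        i = ($2 == "-Cn") ? 4 : 2                     # index of SECNAME
        check($(i + 2), $(i + 1), $1 " " $i)
    }
    END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample configuration (not taken from a real host).
sample_snmpd_conf() {
    cat <<'EOF'
# constructed sample snmpd.conf
rocommunity public
rwcommunity private 192.0.2.10
rocommunity n0c-Read_7f3a 192.0.2.10
com2sec notConfigUser default public
EOF
}

# Demo run against the constructed sample.
sample_snmpd_conf | audit_snmp_conf || echo "findings present: review community names and sources"
```
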

References:

Request for Comments (RFC) 1157, A Simple Network Management Protocol, ftp://ftp.isi.edu/in-notes/rfc1157.txt

