LowCheck or Attack Name: rpc_snmp
The SNMP service was detected as running. An attacker can use SNMP (Simple Network Management Protocol) to gain valuable information about the system (such as information on network devices and current open connections) when SNMP uses default words, such as public or private, for the community word. If no community is specified, then the SNMP server responds to queries from any system.
If you need SNMP for network management, make sure it is properly configured with private community names.
Disable SNMP if it is not needed. If the RPC daemon is started from inetd.conf, comment its entry by putting a # at the beginning of the line. If it is started from the rc script, comment it out as appropriate for your operating system.
As an example for disabling SNMP under Solaris 2.6, execute the following commands:
# /etc/init.d/init.snmpdx stop
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/DISABLED_S76snmpdx
