This event is generated when an SNMP connection over UDP using the default 'public' community is made.
SNMP (Simple Network Management Protocol) v1 uses communities and IP addresses to authenticate communication between the SNMP client and SNMP daemon. Many SNMP implementations come pre-configured with 'public' and 'peivate' communities. If these are not disabled, the attacker can gather a great deal of information about the device running the SNMP daemon.
- Devices running snmp daemons with 'public' community enabled.
An attacker scans a range of IPs for SNMP servers having the 'public' community set and gathers information about the hosts.
Ease of attack
Disable the 'public' and 'private' communities before connecting the device with SNMP on the Internet or block access to SNMP ports using a packet filtering firewall for unauthorized addresses.