Yes, v3 is a pain in the arse. However, changing the default community string from "public" to something else is a step in the right direction. Most SNMP walkers will enumerate using this default value. Others have a nice library of default community strings by device and manufacturer and it will blast out searching for hits. 90% of the devices I've seen have the default community string set. Kinda makes you wonder.

I'm using v2 with a community string password scheme. This alone has kept auditors (and Nessus) off my arse.

Before I go, I will stress this again. A FULL risk assessment needs to be done before you run around willy-nilly looking to one-off issues that Nessus finds. You need to understand what risk, if any, is posed by SNMP in your environment.

--Th13

PS
Soon I'm going to start billing you $250 an hour.
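
Added example, not part of either post: a defender-side check for the default community strings discussed above, run over an agent configuration file. It assumes net-snmp's `snmpd.conf` directive syntax (the thread does not name an agent); the list of defaults and the sample configuration are constructed for illustration.

```python
import shlex

# Illustrative defaults only (assumption); extend with your vendors' documented defaults.
DEFAULT_COMMUNITIES = {"public", "private"}
DIRECT = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}
COM2SEC = {"com2sec", "com2sec6"}

def community_of(tokens):
    """Return the community string named on one config line, or None."""
    if not tokens:
        return None
    directive, args = tokens[0].lower(), tokens[1:]
    if directive in DIRECT and args:
        return args[0]                       # rocommunity COMMUNITY [SOURCE ...]
    if directive in COM2SEC:
        if len(args) >= 2 and args[0] == "-Cn":
            args = args[2:]                  # skip optional "-Cn CONTEXT"
        if len(args) >= 3:
            return args[2]                   # com2sec SECNAME SOURCE COMMUNITY
    return None

def audit_snmpd_conf(text):
    """List (line_number, directive, community) for every default community found."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)   # drops '#' comments
        except ValueError:
            tokens = raw.split()                       # unbalanced quote: best effort
        community = community_of(tokens)
        if community is not None and community.lower() in DEFAULT_COMMUNITIES:
            findings.append((lineno, tokens[0].lower(), community))
    return findings

# Constructed sample configuration, not taken from any real device.
SAMPLE_CONF = """\
# constructed sample config
rocommunity public
rwcommunity private 10.0.0.0/8
rocommunity6 Xk3-constructed ::1
com2sec -Cn ctx1 notConfigUser default public
com2sec mynet 192.0.2.0/24 n0t-default
#rocommunity public
"""

if __name__ == "__main__":
    for lineno, directive, community in audit_snmpd_conf(SAMPLE_CONF):
        print(f"line {lineno}: {directive} uses default community {community!r}")
```
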
Ok - will check with the SA group on this.

Also - risk assessment - my management group in auditing is working on that on an international level - I have mentioned getting down to this level of detail and hopefully they will make considerations for this and other areas at the OS/App level.

I'll have to ask to see if I can put some money in the budget to pay for your services - but they will most likely laugh then slap me, or slap then laugh at me or both. So until I can pay, thanks much for the help!

Oh wait, I have this: http://www.lardlad.com and this: http://www.playerappreciate.com/pimphandle.asp