Going from memory here...

SNMP has 3 basic commands:
GET value, SET value and TRAP. (there's actually a 4th, to get the next
value when getting multiple values.

By poking around with GET, you can get a great deal of information about a
system.
By poking around with SET, you can change it :) hence the security risk.
Traps are for asynchronously notifying a client when a specified condition
is met.

SNMP uses UDP, so if source-spoofed packets are not blocked at your
firewall, internal SNMP servers with write-access may be vulnerable.

Here are some links I googled:
http://www.transition.com/pshelp/snmp.html
http://www.cscare.com/TrapConsoleHandbook/SNMPPrimer.htm
http://www.rad.com/networks/1995/snmp/snmp.htm

 
> Hi.. Ive Been reading this list for a long while now... just
> a quick post.
> Hope not too OT for you... need to fill a gap.
> SNMP.... is there anything wrong with leaving this enabled?
>
> ie
> SNMP Status
> read public
> write xxxxx
>
> I have got the impression from a number of older posts here
> that people
> disable this for what sounded like security reasons?
> What exactly is possible through SNMP? Isnt it just
> ping/traffic stats etc?
>
> Thanks
>
> Alastair S

-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message