GEN:SID 1:516
Message MISC SNMP NT UserList
Summary This event is generated when an attempt is made by Simple Network Management Protocol (SNMP) to enumerate Server Message Block (SMB) users on the host.
Impact Reconnaissance.  An attacker may obtain SMB usernames of the remote host.
Detailed Information Server Message Block is a network file sharing protocol used between Windows hosts and Unix and between Windows hosts that communicate via Samba.  SNMP can be used to query a remote host that listens for SNMP requests and supports SMB, to list the SMB usernames.  This provides reconnaissance of valid usernames and may be followed by a brute force attack to guess passwords.
Affected Systems Hosts that run SMB and listen for SNMP requests.
Attack Scenarios An attacker may obtain a list of current usernames on the remote host as a precursor of attempting a brute force attack to guess passwords of those users.
Ease of Attack A Nessus script exists to list current SMB users.
Corrective Action Block inbound SNMP traffic.

Disable SNMP as a listening service on the remote host unless it is required.
Additional References Arachnids:
http://www.whitehats.com/info/IDS333

Nessus:
http://cgi.nessus.org/plugins/dump.php3?id=10546
Rule References nessus: 10546