GEN:SID 1:1892
Message SNMP null community string attempt
Summary This event is generated when SNMP communications contain a NULL value
the authentication string.
Impact Medium to Serious. Depending on if the community string was for
read-only, read-create or read-write an attacker could gain a varying
level of access to a system.
Detailed Information An SNMP community string is the authentication process that a host
running SNMP uses to grant access.
Affected Systems Numerous. Routers, switches, servers, NAS systems, many others.
Attack Scenarios An attacker can launch a scan of all network attached devices looking
for port 161 (UDP) and then attempt to gain access using SNMP.
Ease of Attack Simple. There are many free SNMP "tree walking" programs, an example of
such is getIF.
Corrective Action Make sure that all devices that have SNMP turned on have complex
passwords assigned.

Disable unneeded WRITE / CREATE community strings.

Since SNMP traffic is not encrypted, use a packet filtering firewall to
restrict SNMP communications to the protected network.
Additional References GetIF:
http://www.wtcs.org/snmp4tpc/getif.htm

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0517
Rule References bugtraq: 2112
bugtraq: 8974
cve: 1999-0517