"There are different types of attacks an unauthorized user can implement to ret

rieve sensitive information contained in the MIB. You can protect yourself again
st any of these attacks. The following is a list of possible attacks and how you
can protect yourself (from highest to lowest risk):
Brute force of community names : Replace the default password (often ""public"
" or ""private"") with a secure one. The password should be hard to guess, and s
hould not be derived from the hostname of the machine or from its model name (e.
g., ""sun"" or ""ibm"").
Eavesdropping of community names : SNMP Version 3 agents, as well as some of t
he SNMP Version 2 agents (not those named SNMPv2c for ""community based SNMP ver
sion 2"") include authentication using hashing functions, such as MD5.
Eavesdropping of information retrieved by authorized users : Use the privacy f
unction, such as DES-encryption, of the protocols described above.
Replay of legitimate SNMP message by unauthorized users : The protocols descri
bed above provide a simple replay protection using a timestamp and a message seq
uence number.
"

stopsrc -s snmpd
stopsrc -s dpid2
stopsrc -s aixmibd
stopsrc -s hostmibd
stopsrc -s snmpmibd

1)install SSH latest (remove old )

2)To disable the ssh V1 protocol:
login as root
echo "Protocol 2" >> /etc/ssh/sshd_config
restart sshd
3)stopsrc -s snmpd
stopsrc -s dpid2
stopsrc -s aixmibd
stopsrc -s hostmibd
stopsrc -s snmpmibd
vi /etc/rc.tcpip
# snmpd
vi /etc/snmpd.conf and # the public
4) disable rlogin=false for all the system default users.
chuser rlogin=false daemon
chuser rlogin=false bin
chuser rlogin=false sys
chuser rlogin=false adm
chuser rlogin=false uucp
chuser rlogin=false guest
chuser rlogin=false nobody
chuser rlogin=false lpd
chuser rlogin=false lp
chuser rlogin=false invscout
chuser rlogin=false snapp
chuser rlogin=false nuucp
chuser rlogin=false ipsec
5) Stop the src writesrc if no printer is running.
stopsrc -s writesrv
vi /etc/inittab and # writesrv.