A little basic network security is gonna help here (Score 1)

First this assumes (for the ASA one at least) you are exposing SNMP on some interface reachable by *badGuys". If you are dumb enough to expose SNMP (even > v2 ) over a raw/public side interface, you are a moron. Typically one would expose SNMP or even SSH for control/monitoring only on your control plane. If bad guys are routing into your control network (why are you allowing this to be a routable network anyways?) you have a bigger problem. Also, you need to know the community string. If you're not rolling them every once and a while, and on add/remove of people into your control network security zone, again...you are begging for this. Lastly...and its been a while, but if I remember by SNMP on the ASA, you actually have to specify host allowed, not just exposed network interface, so now to make this work you are working from an owned box that has been granted SNMP access. I mean it sucks that this was in the wild for so long, but it isnt like its a real back door...like some deep daemon down in the stack that only accepts rlogin traffic from www.badguy.com . At least if they want in, and you are doing your job they will need to peel back a couple of your layers