[157556] in North American Network Operators' Group

Re: Network scan tool/appliance horror stories

daemon@ATHENA.MIT.EDU (Justin M. Streiner)
Mon Oct 29 15:25:21 2012

Date: Mon, 29 Oct 2012 15:25:08 -0400 (EDT)
From: "Justin M. Streiner" <streiner@cluebyfour.org>
To: "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <7EF4A8B03B0A3A44858C8B42E0DB236A0121BCA40E2B@PHX-52N-EXM04A.lcc.usairways.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, 29 Oct 2012, Pedersen, Sean wrote:

> We're evaluating several tools at the moment, and one vendor wants to 
> dynamically scan our network to pick up hosts - SNMP, port-scans, WMI, 
> the works. I was curious if anyone had any particularly gruesome horror 
> stories of scanning tools run amok.

If you have any overloaded/under-powered network gear, such as stateful 
firewalls and routers that do lots of NAT, you might find them very 
quickly, depending on how aggressive the scanning tool is.  There might 
also be devices out there that, while possibly lightly loaded, can reach 
some minimally documented resource threshold under a very aggressive scan, 
and subsequently tip over.

Also, if you're doing IPv6, the performance metrics for many network 
devices can be a bit more of a moving target.

jms

