[157572] in North American Network Operators' Group


RE: Network scan tool/appliance horror stories

daemon@ATHENA.MIT.EDU (Rutis, Cameron)
Mon Oct 29 16:58:11 2012

From: "Rutis, Cameron" <Cameron.Rutis@portlandoregon.gov>
To: "Pedersen, Sean" <Sean.Pedersen@usairways.com>, "nanog@nanog.org"
 <nanog@nanog.org>
Date: Mon, 29 Oct 2012 13:55:19 -0700
In-Reply-To: <7EF4A8B03B0A3A44858C8B42E0DB236A0121BCA40E2B@PHX-52N-EXM04A.lcc.usairways.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

During scans at various times in the past (and depending on throttling and settings of that scan) we've seen:
1) small remote site firewalls doing site-to-site VPNs drop a small number of packets
2) locally installed remote control service pop up a 'user has been disconnected' error on PCs when port scanned
3) some devices send alerts like 'Unauthorized attempt to gain access' when their SNMP ports are hit with non-standard community strings
4) logging on some devices that causes concern for the admin of that device ("Is someone hacking my device?")
5) out of date/non-patched (yet critical) applications and/or web servers crashing/locking up (this occurred on specific Nessus scans, not a generic port/SNMP scan)
6) large stacks of 3750s (six or more members) have issues around CPU during certain SNMP commands (I want to say some sort of getbulk type of command)

The first four were pretty minor although #3 could generate a lot of calls to the support center.  #5 was a big deal due to the nature of the application.  #6 was impactful because we dropped routing neighbors for about 10 seconds but this was a couple of years ago so may have been an old IOS bug.

-----Original Message-----
From: Pedersen, Sean [mailto:Sean.Pedersen@usairways.com]
Sent: Monday, October 29, 2012 12:11 PM
To: nanog@nanog.org
Subject: Network scan tool/appliance horror stories

We're evaluating several tools at the moment, and one vendor wants to dynamically scan our network to pick up hosts - SNMP, port-scans, WMI, the works. I was curious if anyone had any particularly gruesome horror stories of scanning tools run amok.

