[157586] in North American Network Operators' Group


Re: Network scan tool/appliance horror stories

daemon@ATHENA.MIT.EDU (Andreas Ott)
Tue Oct 30 01:47:38 2012

Date: Mon, 29 Oct 2012 22:47:12 -0700
From: Andreas Ott <andreas@naund.org>
To: "Pedersen, Sean" <Sean.Pedersen@usairways.com>
In-Reply-To: <7EF4A8B03B0A3A44858C8B42E0DB236A0121BCA40E2B@PHX-52N-EXM04A.lcc.usairways.com>;
 from Sean.Pedersen@usairways.com on Mon, Oct 29, 2012 at 12:10:40PM -0700
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Oct 29, 2012 at 12:10:40PM -0700, Pedersen, Sean wrote:
> We're evaluating several tools at the moment, and one vendor wants to
> dynamically scan our network to pick up hosts - SNMP, port-scans, WMI,
> the works. I was curious if anyone had any particularly gruesome horror
> stories of scanning tools run amok.

Check your netmask on the to-be-discovered network and what the rate
of discovery is. I have seen internal systems attempt to scan and
discover nodes in a /16 and promptly set off a flood of alarms on all
PDUs (6 per rack) and plenty of other devices that thought they were
being attacked.

-andreas
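
The netmask and rate check recommended above, as an added example that is not part of the original message: a pre-flight report run over a discovery tool's proposed target list before the scan is scheduled. The function name `preflight`, the subnets, the probe count per host and the packet rate are all constructed assumptions, and the code assumes IPv4 targets and non-overlapping allocated subnets.

```python
import ipaddress

def preflight(targets, allocated, probes_per_host, rate_pps):
    """Summarise each proposed discovery target before a scan is scheduled.

    targets: CIDR strings handed to the discovery tool.
    allocated: CIDR strings of subnets known to be in use (e.g. from IPAM).
    """
    allocated = [ipaddress.ip_network(a) for a in allocated]
    report = []
    for text in targets:
        flags = []
        try:
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            # Host bits set: typically an interface address pasted with its
            # mask, which silently widens to the whole enclosing network.
            net = ipaddress.ip_network(text, strict=False)
            flags.append(f"host bits set, expands to {net}")
        # How much of the target lies inside subnets known to be in use.
        if any(net.subnet_of(a) for a in allocated):
            in_use = net.num_addresses
        else:
            in_use = sum(a.num_addresses for a in allocated if a.subnet_of(net))
        if in_use < net.num_addresses:
            flags.append(f"only {in_use} of {net.num_addresses} addresses "
                         "are in allocated subnets")
        probes = net.num_addresses * probes_per_host
        report.append({"target": str(net), "addresses": net.num_addresses,
                       "probes": probes, "seconds": probes / rate_pps,
                       "flags": flags})
    return report

# Constructed sample input: one correct /24 and one address pasted with a /16 mask.
SAMPLE_TARGETS = ["10.20.4.0/24", "10.20.4.17/16"]
SAMPLE_ALLOCATED = ["10.20.4.0/24", "10.20.5.0/24"]

if __name__ == "__main__":
    for row in preflight(SAMPLE_TARGETS, SAMPLE_ALLOCATED,
                         probes_per_host=20, rate_pps=500):
        print(f"{row['target']:>15}  {row['addresses']:>6} addrs  "
              f"{row['probes']:>8} probes  {row['seconds'] / 60:6.1f} min")
        for flag in row["flags"]:
            print(f"{'':>15}  WARNING: {flag}")
```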

