[157597] in North American Network Operators' Group
RE: Network scan tool/appliance horror stories
daemon@ATHENA.MIT.EDU (Jones, Barry)
Tue Oct 30 11:19:23 2012
From: "Jones, Barry" <BEJones@semprautilities.com>
To: "'Dan White'" <dwhite@olp.net>, "Pedersen, Sean"
<Sean.Pedersen@usairways.com>
Date: Tue, 30 Oct 2012 08:18:18 -0700
In-Reply-To: <20121029194646.GD13937@dan.olp.net>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I can share with you several stories personnel (both IT or vendors), who ha=
ve scanned Electric Utility environments with or without permission; and he=
nce caused multiple failures - including electro-mechanical systems and rel=
ated applications. Utilities typically utilize many industrial controllers =
- some of which many IT personnel have no knowledge, and some are not robus=
t enough to weather the storm.
1. Know your environment.
2. Know your tools.
3. Communicate.
=20
-----Original Message-----
From: Dan White [mailto:dwhite@olp.net]=20
Sent: Monday, October 29, 2012 12:47 PM
To: Pedersen, Sean
Cc: nanog@nanog.org
Subject: Re: Network scan tool/appliance horror stories
On 10/29/12=A012:10=A0-0700, Pedersen, Sean wrote:
>We're evaluating several tools at the moment, and one vendor wants to=20
>dynamically scan our network to pick up hosts - SNMP, port-scans, WMI,=20
>the works. I was curious if anyone had any particularly gruesome horror=20
>stories of scanning tools run amok.
http://www.tulsaworld.com/news/article.aspx?subjectid=3D334&articleid=3D201=
21002_11_A1_CUTLIN325691
A > layer 7 failure. Make sure all members of your organization are aware o=
f your plans.
--
Dan White
