[8522] in North American Network Operators' Group
RE: SNMP probers
daemon@ATHENA.MIT.EDU (Dave O'Shea)
Wed Apr 9 14:03:12 1997
From: "Dave O'Shea" <doshea@mail.wiltel.net>
To: "'Randy Bush'" <randy@psg.com>, "nanog@merit.edu" <nanog@merit.edu>
Date: Wed, 9 Apr 1997 12:13:49 -0500
I'd ignore it. Having leaked a few (less than a million, I'm sure) SNMP =
'gets' because I fat-fingered a subnet mask, or let a traceroute-based =
discovery routine go awry, or was just plain curious...=20
-----Original Message-----
From: Randy Bush [SMTP:randy@psg.com]
Sent: Wednesday, April 09, 1997 9:28 AM
To: nanog@merit.edu
Subject: SNMP probers
What do folk do about persistent SNMP probers? I.e. j random clueless =
sites
which keep querying one's backbone router(s). E.g. this morning I get =
the
NOC shift change report with the folk hammering on our routers as if we =
were
stupid enough to use 'public' as the community string.
> mae-east Bad community string from 194.168.51.4
> mae-east Bad community string from 193.38.113.216
> mae-west Bad community string from 202.85.254.5
> mae-west Bad community string from 206.79.240.190
> mae-west Bad community string from 193.38.113.216
> pdx Bad community string from 204.119.24.200
> pen Bad community string from 164.117.144.245
> pen Bad community string from 193.38.113.216
> paix Bad community string from 204.79.240.190
So every day some poor NOC person has to search these folk down with the
great tools we have, send email, get told they're nazi idiots, ...
So what do folk do about this?
randy
