nanog mailing list archives

RE: Network scan tool/appliance horror stories


From: "Rutis, Cameron" <Cameron.Rutis () portlandoregon gov>
Date: Mon, 29 Oct 2012 13:55:19 -0700

During scans at various times in the past (and depending on throttling and settings of that scan) we've seen:
1) small remote site firewalls doing site-to-site VPNs drop a small number of packets
2) locally installed remote control service pop up a 'user has been disconnected' error on PCs when port scanned
3) some devices send alerts like 'Unauthorized attempt to gain access' when their SNMP ports are hit with non-standard community strings
4) logging on some devices that causes concern for the admin of that device ("Is someone hacking my device?")
5) out of date/non-patched (yet critical) applications and/or web servers crashing/locking up (this occurred on specific Nessus scans, not a generic port/SNMP scan)
6) large stacks of 3750s (six or more members) have issues around CPU during certain SNMP commands (I want to say some sort of getbulk type of command)

The first four were pretty minor although #3 could generate a lot of calls to the support center. #5 was a big deal due to the nature of the application. #6 was impactful because we dropped routing neighbors for about 10 seconds but this was a couple of years ago so may have been an old IOS bug.

-----Original Message-----
From: Pedersen, Sean [mailto:Sean.Pedersen () usairways com] 
Sent: Monday, October 29, 2012 12:11 PM
To: nanog () nanog org
Subject: Network scan tool/appliance horror stories

We're evaluating several tools at the moment, and one vendor wants to dynamically scan our network to pick up hosts - SNMP, port-scans, WMI, the works. I was curious if anyone had any particularly gruesome horror stories of scanning tools run amok.

