nanog mailing list archives
RE: Network scan tool/appliance horror stories
From: "Rutis, Cameron" <Cameron.Rutis () portlandoregon gov>
Date: Mon, 29 Oct 2012 13:55:19 -0700
During scans at various times in the past (and depending on throttling and settings of that scan) we've seen: 1) small remote site firewalls doing site to site vpns drop a small number of packets 2) locally installed remote control service popup a 'user has been disconnected' error on PCs when port scanned 3) some devices send alerts like 'Unauthorized attempt to gain access' when their SNMP ports are hit with non-standard community strings 4) logging on some devices that causes concern for the admin of that device ("Is someone hacking my device?") 5) out of date/non-patched (yet critical) applications and/or web servers crashing/locking up (this occurred on specific nessus scans, not a generic port/snmp scan) 6) large stacks of 3750s (six or more members) have issues around CPU during certain SNMP commands (I want to say some sort of getbulk type of command) The first four were pretty minor although #3 could generate a lot of calls to the support center. #5 was a big deal due to the nature of the application. #6 was impactful because we dropped routing neighbors for about 10 seconds but this was a couple of years ago so may have been an old IOS bug. -----Original Message----- From: Pedersen, Sean [mailto:Sean.Pedersen () usairways com] Sent: Monday, October 29, 2012 12:11 PM To: nanog () nanog org Subject: Network scan tool/appliance horror stories We're evaluating several tools at the moment, and one vendor wants to dynamically scan our network to pick up hosts - SNMP, port-scans, WMI, the works. I was curious if anyone had any particularly gruesome horror stories of scanning tools run amok.
Current thread:
- Network scan tool/appliance horror stories Pedersen, Sean (Oct 29)
- Re: Network scan tool/appliance horror stories Justin M. Streiner (Oct 29)
- Re: Network scan tool/appliance horror stories Bacon Zombie (Oct 29)
- Re: Network scan tool/appliance horror stories Jared Mauch (Oct 29)
- Re: Network scan tool/appliance horror stories Paul Thornton (Oct 29)
- Re: Network scan tool/appliance horror stories Bacon Zombie (Oct 29)
- Re: Network scan tool/appliance horror stories Dan White (Oct 29)
- RE: Network scan tool/appliance horror stories Jones, Barry (Oct 30)
- RE: Network scan tool/appliance horror stories Chuck Church (Oct 30)
- RE: Network scan tool/appliance horror stories Jones, Barry (Oct 30)
- RE: Network scan tool/appliance horror stories Jones, Barry (Oct 30)
- Re: Network scan tool/appliance horror stories Justin M. Streiner (Oct 29)
- RE: Network scan tool/appliance horror stories Rutis, Cameron (Oct 29)
- Re: Network scan tool/appliance horror stories Ryan Malayter (Oct 29)
- Re: Network scan tool/appliance horror stories nick hatch (Oct 29)
- Re: Network scan tool/appliance horror stories Andreas Ott (Oct 29)
- Re: Network scan tool/appliance horror stories Dan Snyder (Oct 30)