Re: [Dshield] RE: Strange SNMP probes suddenly appearing

[Russell Fulton <rful011 () weka itss auckland ac nz>]

On Sat, 2003-11-22 at 05:56, David Gillett wrote:
>   Some of the HP JetDirect client/drivers, especially older versions
> with default configs, like to scan their world using SNMP and query
> anything that will take a connection to learn if it is a printer.
> We have a few of them on our campus; we *hope* that non-obvious
> community names are keeping our network equipment from spending much
> time or effort talking to these clients.

One interesting feature of these older JetDirect client/drivers is that
if you misconfigure the netmask on the windows machine it will start
scanning large chunks of the Internet at large.  A few years back we had
a machine doing this and we were very puzzled until someone noticed that
the netmask had been set to 225.225.225.0!  This did not seem to bother
windows BTW.

-- 
Russell Fulton, Network Security Officer, The University of Auckland,
New Zealand.


---------------------------------------------------------------------------
----------------------------------------------------------------------------