During scans at various times in the past (and depending on throttling and
settings of that scan) we've seen:

1) small remote site firewalls doing site-to-site VPNs drop a small number of
packets
2) locally installed remote control service pop up a 'user has been
disconnected' error on PCs when port scanned
3) some devices send alerts like 'Unauthorized attempt to gain access' when
their SNMP ports are hit with non-standard community strings
4) logging on some devices that causes concern for the admin of that device
("Is someone hacking my device?")
5) out-of-date/non-patched (yet critical) applications and/or web servers
crashing/locking up (this occurred on specific Nessus scans, not a generic
port/SNMP scan)
6) large stacks of 3750s (six or more members) have issues around CPU during
certain SNMP commands (I want to say some sort of getbulk type of command)

The first four were pretty minor, although #3 could generate a lot of calls to
the support center. #5 was a big deal due to the nature of the application.
#6 was impactful because we dropped routing neighbors for about 10 seconds, but
this was a couple of years ago, so it may have been an old IOS bug.

-----Original Message-----
From: Pedersen, Sean [mailto:[email protected]]
Sent: Monday, October 29, 2012 12:11 PM
To: [email protected]
Subject: Network scan tool/appliance horror stories

We're evaluating several tools at the moment, and one vendor wants to
dynamically scan our network to pick up hosts - SNMP, port-scans, WMI, the
works. I was curious if anyone had any particularly gruesome horror stories of
scanning tools run amok.