What do folk do about persistent SNMP probers? I.e. j random clueless sites
which keep querying one's backbone router(s). E.g. this morning I get the
NOC shift change report with the folk hammering on our routers as if we were
stupid enough to use 'public' as the community string.
The problem isn't so much stupid people as stupid default settings on some
network tools. A lot of software exists for the "enterprise" network
market. Apparently, the designers of this software don't realize that most
enterprise IP networks touch the larger, fully connected Internet. The
default settings on half a dozen products I've personally used default to
trying to discover the entire Internet on startup.
I learned this the hard way a few years back. Every night before going
home, I'd re-boot a network monitoring station, which would crash during the
night. The station was crashing somewhere in the middle of the discovery of
net 18. After the third or fourth attempt at discovering net 18, I got a
phone call from MIT, and realized why my network monitoring station was
Things got really interesting when I called up the manufacturer. I asked
them to please help me stop this software discovery process. Took me half
an hour of explaining to convince them that discovering the entire Internet
wasn't in the best interest of their customers. Took a new version to
really stop this "feature".
So every day some poor NOC person has to search these folk down with the
great tools we have, send email, get told they're nazi idiots, ...
So what do folk do about this?
Educate, then assassinate.
Seriously, I think some education is needed for the proliferating
manufacturers of lower end IP management tools. All of a sudden, there are
a lot of IP monitoring products out there. Most all of our customers are
running some sort of tool to check the status of their LAN workstations,
etc. We've been having to educate almost every new customer lately.
Maybe denying some TCP socket at the border router level would stop a lot of