North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SNMP probers

  • From: Scott M. Ballew
  • Date: Wed Apr 09 12:24:27 1997

> On Wed, 9 Apr 1997, Randy Bush wrote:
> > So every day some poor NOC person has to search these folk down with the
> > great tools we have, send email, get told they're nazi idiots, ...
> > 
> > So what do folk do about this?
> Or someone could do a Tony Bates impression and collect the naughty SNMP
> prober data from various providers and post a weekly hall of shame report
> to this list. If there are a significant number of non-providers then this
> list could also be posted on a USENET snmp group and on a web page.

Data from our site would include a certain bi-coastal router vendor
(who is not Cisco) that likes to use one of our class B networks for
"internal testing purposes", and occassionally leaks their SNMP
testing out to the Internet.

Our solution was to block SNMP access from non-local sites, regardless
of community string.  It doesn't prevent the routers from logging the
access violation, but it does prevent the remote prober from getting
any useful information.

Scott M. Ballew
Purdue Data Network
Purdue University
- - - - - - - - - - - - - - - - -