I would suspect a good portion of these are run-away enterprise autodiscover jobs. As for what to do? Obviously, education would help alot, but, we all know how successful that is in this industry with the number of new folks getting involved every day. If I remember right, Proteon routers allowed you to specify what interfaces would accept SNMP queries. You could do something of the same with an access-list on a cisco thats not heavily used. I also believe that the Cisco routers do allow you to apply an access list to your SNMP config, but this won't prevent your router from receiving the request and expending CPU trying to figure out what to do with it. What do we do about it? Grumble. Make a phone call here and there if it gets out of hand. Chris ---------- From: Randy Bush[SMTP:randy@psg.com] Sent: Wednesday, April 09, 1997 9:28 AM To: nanog@merit.edu Subject: SNMP probers What do folk do about persistent SNMP probers? I.e. j random clueless sites which keep querying one's backbone router(s). E.g. this morning I get the NOC shift change report with the folk hammering on our routers as if we were stupid enough to use 'public' as the community string.
mae-east Bad community string from 194.168.51.4 mae-east Bad community string from 193.38.113.216 mae-west Bad community string from 202.85.254.5 mae-west Bad community string from 206.79.240.190 mae-west Bad community string from 193.38.113.216 pdx Bad community string from 204.119.24.200 pen Bad community string from 164.117.144.245 pen Bad community string from 193.38.113.216 paix Bad community string from 204.79.240.190
So every day some poor NOC person has to search these folk down with the great tools we have, send email, get told they're nazi idiots, ... So what do folk do about this? randy
participants (1)
-
Chris A. Icide