>(3) Months back, a customer of a small Texas ISP apparently attempted an SNMP
>scan of our subnet -- several times. When we reported it, the ISP configrmed
>that they were trying to set up management for their new subnetand were
>having a little difficulty with configuration -- and didn't seem to regard
>the issue as very serious.
> After two more scans (different subnet, same ISP), I called again; ISP
>confirmed that they had moved customer to a new subnet; also claimed that
>latest HP JetDirect drivers seemed to have a bug that was related to this....
> Of note was that the ISP treated my second call much more seriously and
>professionally than the first. It turned out that my first call had been
>followed by calls from NASA and at least two military branches who had *also*
>been scanned in error, and these managed to get the attention of the ISP's
>management....
Can confirm the JetDirect problem. Had it here, too. Apparently it's designed
to
scan for new printers via SNMP. Stupid enough... but there's a bug. I've got
an
internal class B, 130.214. One off my user's PC (running JetDirect) decided to
scan 130.*.*.*. I've got a fairly large pipe (T3). I found out when the admin
for a school at about 130.253.x.x (scans backwards) called me to tell me we'd
filled their pipe (512Kbps) and blown them off the Internet. Whoops.
Ryan
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
