Once upon a time I opened up my Novell network browser (back in the late '90s) and found multiple new servers with print services available on my network, on a subnet I didn't use internally.
On a hunch I tried pinging their .1 address and found a reply. "So who's on my network?" I wondered. I opened a telnet session to .1 to see if it might be a router. "Ah, I recognize that router prompt! It looks like a 3Com NetBuilder router--which I'm trained on. I wonder . . ."
Well, the default user name was in place, along with the default password. So now I'm root on someone else's router. Let's see who the neighbors are . . .
Uh oh. City government. Police department. Finance. Who are the RIP neighbors? State government! Not good.
Not wanting to probe any deeper, I disconnected and got on the phone to that city's IT department and found there was no one there responsible for their routers. They contracted that out to a private company--the same one who was doing my company's WAN services. Well, there's the connection.
OK. I informed that City's IT folks what I'd found and it went right over their heads. I told them there was no security on their WAN equipment, their support vendor had left the default user names and passwords on their routers, I could see their departments' servers, and I had unrestricted access into their State's government networks.
These IT folks still had no clue this was bad.
So I called up my WAN service provider, asked them why that City network was spanning into mine. Why the City had no security. Why their routers had all the default accounts & passwords. Their response: "mumble-mumble . . . I'll get back to you shortly" and they hung up on me.
Pretty soon those City routers & servers were no longer showing up in my Novell world. The oddball subnet disappeared.
Later I spoke informally with one of the network engineers for that provider, and he admitted: "One of the guys spanned the City's VLAN into one of your trunked ports. You both are on the same L3 switch, you both use the same routing protocol, and you learned their routes. You have security enabled and your ACLs prevented them from seeing you. We dropped the ball for their security, both in VLAN port spanning and credentials not being changed. Thanks for letting us know--and for not telling them!"
Monitoring saved my bacon that day--and that of the city & state whose network had inadvertently been spanned into mine.
(I originally built this for the Network Braggin' Rights area, then had problems submitting it and subsequently left the page. Later, when creating a new Discussion, I found this one had been left in limbo, so I submitted it late so folks can enjoy the tale.)
Rick Schroeder
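The monitoring lesson in the story above is that routes learned from a neighbor you never configured are worth an alert on their own. As an added example (not part of Rick's post or any vendor's tooling), the Python check below parses a constructed IOS-style route table and flags RIP-learned routes that arrive from an unknown neighbor or fall outside an owned-prefix baseline; the addresses, prefixes and the `Finding` helper are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample in the style of an IOS-like "show ip route" listing.
# Not from the original post; every address here is illustrative.
SAMPLE_ROUTE_TABLE = """\
C    10.10.0.0/16 is directly connected, Vlan10
R    10.11.0.0/16 [120/1] via 10.10.0.2, 00:00:08, Vlan10
R    172.20.0.0/16 [120/1] via 10.10.0.254, 00:00:14, Vlan10
R    172.21.5.0/24 [120/2] via 10.10.0.254, 00:00:14, Vlan10
R    10.11.8.0/24 [120/3] via 10.10.0.2, 00:00:08, Vlan10
R    192.168.50.0/24 [120/2] via 10.10.0.2, 00:00:08, Vlan10
"""

# Baseline (assumed): prefixes we own and the RIP neighbors we expect to hear from.
EXPECTED_PREFIXES = [ipaddress.ip_network(p) for p in ("10.10.0.0/16", "10.11.0.0/16")]
EXPECTED_NEIGHBORS = {ipaddress.ip_address("10.10.0.2")}

# Route code, prefix, and (for dynamic routes) the "[AD/metric] via next-hop" part.
ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]\*?)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?:\s+\[\d+/\d+\]\s+via\s+(?P<nexthop>\d+\.\d+\.\d+\.\d+))?"
)

@dataclass(frozen=True)
class Finding:
    prefix: str
    next_hop: str
    reason: str

def find_foreign_rip_routes(table: str) -> list[Finding]:
    """Flag RIP-learned routes from unknown neighbors or outside the owned-prefix baseline."""
    findings = []
    for line in table.splitlines():
        m = ROUTE_RE.match(line)
        if not m or m.group("code") != "R" or not m.group("nexthop"):
            continue  # only dynamic RIP routes are of interest here
        prefix = ipaddress.ip_network(m.group("prefix"))
        next_hop = ipaddress.ip_address(m.group("nexthop"))
        if next_hop not in EXPECTED_NEIGHBORS:
            findings.append(Finding(str(prefix), str(next_hop), "unexpected RIP neighbor"))
        elif not any(prefix.subnet_of(p) for p in EXPECTED_PREFIXES):
            findings.append(Finding(str(prefix), str(next_hop), "prefix outside baseline"))
    return findings

if __name__ == "__main__":
    for f in find_foreign_rip_routes(SAMPLE_ROUTE_TABLE):
        print(f"{f.prefix} via {f.next_hop}: {f.reason}")
```

Feeding it a nightly route dump and diffing the findings against the previous run turns the "new subnet appeared in my browser" surprise into a scheduled alert.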