So this morning I had an engineer come to me saying they were getting alerts about a scan from our remote data center. He was speculating that it was IPAM doing subnet scans from the remote poller out there.
I immediately went into IPAM and disabled automatic scanning on each subnet I have created for that data center and vlan's associated with it.
My question is... is there a way to simply disable all IPAM scanning from an individual poller? I would have liked to just shut the IPAM scanning off on that poller itself to verify it was the culprit.
As the alerts continued, I went in and just shutdown all of the SW services on that poller, and then even shutting the server completely down. Instead of using a scalpel here, I was using a chainsaw.
I would have loved to be able to be confident that all IPAM scanning from that individual poller was disabled with some specific service to shut down or something.
Can anyone direct me to a poller's IPAM easy button?
I take it the Engineer did not like you scanning his subnets? Were the scans to frequent? What is the policy concerns scans?
I would ask more questions before revving up the chainsaw. I am sure there is always a way to get to "Yes".
Well, there were actually lots of questions. The ASA at that site and Lancope were both seeing the traffic at exactly the same time, so they lined up perfectly, but the source IP's were different on each. The ASA at that site showed the source IP as my SW poller. Soooo... he was making assumptions that IPAM on my poller was attempting to scan subnets.
Now, we have since gotten to the culprit, and it wasn't my poller, but I would have like to be able to just shutdown IPAM scanning specifically from that remote poller for a few minutes to clear it's name. Eventually I shut all the services down, and even turned the box off to get my SW server out of the hot seat.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.