This article is a comprehensive list of all the known fragile devices which are affected by Footprint Scans and the actions suggested to mitigate them. As a long-term solution, we are actively working on a 'Safe Scan' option for our clients, which will detect vulnerable devices and will automatically adapt to their requirements.
[FP-EX-1] Known issues when scanning Network Switches
There are specific situations where abnormal behavior was reported when scanning some Network Switches. Reported versions:
Cisco 3560G
Cisco 2960X
Cisco SG250
This may be caused by a specific configuration where the switch does not know how to handle a specific traffic pattern sent by the Internal Scanner:
[1] Some switches have HTTP/HTTPS management enabled. This can be verified by checking whether the HTTP/HTTPS server is enabled in the config:
    !
    ip http server
    ip http secure-server
    ip http secure-active-session-modules none
    ip http active-session-modules none
    !
This causes the switch's CPU to spike in the HTTP CORE process. When a switch sustains 100% CPU it may stop forwarding traffic in specific circumstances. For example, when broadcasts are sent and the switch does not have the destination MAC in TCAM, it uses an interrupt that needs processor time.
The recommendation here is to disable HTTP management of the switch and use the CLI. If this is not possible, temporarily exclude the switch management IP from scans. We have a task on our roadmap to allow for port exceptions on devices with known scan problems such as switches, printers, etc., but this is not yet released.
[2] Kindly update the switch to the latest version. Some OS versions are old and have known bugs that can cause crash conditions.
[3] If the above two points do not resolve the issue, the last resort is to exclude the switch from the Scan Surface for the time being. This is done by going to the Scan Surface, finding the Network Segment where the switch management IP address is defined, and pressing the [x] on the entry with the IP address of the switch. This moves the IP to the Suggested Targets box and makes it a scan exception.
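The check in item [1] can be run across saved switch configs before a scan. The following is an added example, not part of the original article or the product: the function names and the sample configs are hypothetical, and it reads only explicit `ip http server` / `ip http secure-server` lines without inferring platform defaults.

```python
import re

# Matches "ip http server" / "ip http secure-server", optionally negated with "no".
_HTTP_LINE = re.compile(r"^(no\s+)?ip\s+http\s+(server|secure-server)\s*$")


def http_management_state(config_text):
    """Return {'http': bool, 'https': bool} from explicit lines in an IOS-style config.

    Only explicit statements are read; platform defaults that do not appear in
    the saved config are not inferred (assumption of this example).
    """
    state = {"http": False, "https": False}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):   # "!" lines are separators/comments
            continue
        m = _HTTP_LINE.match(line)
        if m:
            key = "https" if m.group(2) == "secure-server" else "http"
            state[key] = m.group(1) is None    # a leading "no" means disabled
    return state


def scan_exclusion_candidates(configs):
    """Take {management IP: config text}; return sorted IPs with HTTP(S) management on."""
    return sorted(ip for ip, text in configs.items()
                  if any(http_management_state(text).values()))


# Constructed sample configs (documentation-range IPs, not from a real network).
SAMPLE_CONFIGS = {
    "192.0.2.10": "!\nip http server\nip http secure-server\n"
                  "ip http secure-active-session-modules none\n"
                  "ip http active-session-modules none\n!\n",
    "192.0.2.11": "!\nno ip http server\nno ip http secure-server\n!\n",
    "192.0.2.12": "!\nno ip http server\nip http secure-server\n!\n",
}

if __name__ == "__main__":
    for ip in scan_exclusion_candidates(SAMPLE_CONFIGS):
        print(f"{ip}: HTTP/HTTPS management enabled; "
              "disable it or exclude this IP from scans")
```

Switches it reports are the ones to reconfigure or to exclude temporarily from the Scan Surface, as described in items [1] and [3].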
[FP-EX-2] Known issues when scanning Printers
By default, Scans are supposed to exclude printers. However, there are fragile printers that simply print out anything they receive on specific ports.
To mitigate this issue, we recommend excluding the IP of the printer from Scan Surface. By removing it from monitoring, the system will no longer trigger the unwanted printing behavior.
[FP-EX-3] Known issues when scanning IP and VoIP Phones
Certain IP and VoIP phones seem to be negatively affected by Footprint Brute Force scans due to them misreading the scan inputs.
To avoid any such problems, kindly make sure that the Brute Force Scans are disabled from the Device Page.
We are still investigating scan issues with Footprint and will continue to update this KB.