
Author Topic: Avoiding discovery of Cisco IP Phones  (Read 2673 times)

Sampson Fung (Guest)
Avoiding discovery of Cisco IP Phones
« on: June 04, 2013, 08:46:10 AM »
My data networks are:

172.16.x.0/24
172.17.x.0/24
172.18.x.0/24
172.19.x.0/24

And my Voice network is:
10.1.x.0/24

So I used this netfilter:
netfilter 172\.1[6789]\.

But after DB init of ./nedi.pl -i, and the discovery command
./nedi.pl -p -o -l -c -v -u ./seed

I still got a lot of VoIP phones inserted into the DB.

Also, it is still discovering the subnets for my guests, which are in 10.x.y.z/24 format.

I want to avoid:
1.  spending time to "discover" those VoIP devices
2.  scanning my "guest" machines at all

How should I do that?

I am using the Suse Virtual Appliance for version 1.0.8

ascii (Jr. Member, Posts: 82)
Re: Avoiding discovery of Cisco IP Phones
« Reply #1 on: June 04, 2013, 12:40:26 PM »
i think rickli posted somewhere that it's not a regex filter.
It only matches the string.
so your netfilter needs to look like this
netfilter 172.16.|172.17.|172.18.|172.19.

pc_sg (Sr. Member, Posts: 265)
Re: Avoiding discovery of Cisco IP Phones
« Reply #2 on: June 04, 2013, 02:24:53 PM »
Quote from: ascii
    i think rickli posted somewhere that it's not a regex filter.
    It only matches the string.
    so your netfilter needs to look like this
    netfilter 172.16.|172.17.|172.18.|172.19.

In the original untouched nedi.conf:
Code:
# Only discover devices where ip address matches this regular expression.
# This way NeDi will not send any login credentials to rogue/evil devices.
;netfilter 192.168.0|172.16
# To avoid networks
;netfilter ^(?!192.168.1).*$
netfilter .

Indeed someone (sorry, I don't remember who) suggested I use something like
Code:
netfilter 172.1[6-9].*.*

Anyway, I haven't found anything to understand exactly which regex "netfilter" accepts.
Are they Perl regexes?

When indicated, are those always PERL regex in NeDi?

:)

Paolo

Edit: I looked inside libsnmp.pm; the checking line is this one:
Code:
}elsif($ip !~ /$misc::netfilter/){

and "!~" is the "NOT regex" operator.

It seems confirmed that NeDi netfilter uses regex.

Remo, right?
« Last Edit: June 04, 2013, 03:53:36 PM by pc_sg »

rickli (Administrator, Hero Member, Posts: 2697)
Re: Avoiding discovery of Cisco IP Phones
« Reply #3 on: June 04, 2013, 05:52:30 PM »
That's correct! Make sure you only have one uncommented netfilter line...

VoIP phones should be treated as nonsnmp devices, therefore no need to exclude. What type of phones do you have?
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo

pc_sg (Sr. Member, Posts: 265)
Re: Avoiding discovery of Cisco IP Phones
« Reply #4 on: June 05, 2013, 08:26:26 AM »
Ok Remo.
Thanks!

But now I'm not sure that the first two examples of netfilter (included in nedi.conf) are OK.
I've checked them using http://gskinner.com/RegExr/

I think the first should be
Code:
;netfilter 192\.168\.0|172\.16

or better
Code:
;netfilter ^192\.168\.0|^172\.16

to avoid false exclusions (i.e. 1.192.168.0 or 10.1.172.16; both are valid addresses, even if not probable).

The second also seems to need \. in place of a single .

Am I wrong?

Paolo

rickli (Administrator, Hero Member, Posts: 2697)
Re: Avoiding discovery of Cisco IP Phones
« Reply #5 on: June 05, 2013, 06:22:09 PM »
Nope, you're absolutely correct. I was just lazy (the dots match any character, but IP addresses ought to have a literal dot every 3 digits) with those examples and I probably should adopt your suggestions :)
« Last Edit: June 05, 2013, 06:23:44 PM by rickli »
Please consider Other-Invoices on your NeDi installation for an annual contribution, tx!
-Remo
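The thread turns on how `$ip !~ /$misc::netfilter/` treats the candidate filters (the `netfilter .` line shipped in nedi.conf, Sampson Fung's escaped filter, the unescaped sample, pc_sg's anchored correction, and the negative lookahead). The script below is an added example, not part of the thread and not NeDi's own code; it replays that check in Python, whose `re.search` is unanchored like Perl's `=~` and uses the same syntax for these constructs. The addresses are constructed for illustration, and the `FILTERS` labels are the example's own names.

```python
import re

# Constructed sample addresses (not from the thread): two data-network hosts,
# a voice phone, a guest host, and the two counter-examples pc_sg raised.
SAMPLE_IPS = [
    "172.16.10.1",   # data network 172.16.x.0/24
    "172.19.0.254",  # data network 172.19.x.0/24
    "10.1.5.20",     # voice network 10.1.x.0/24
    "10.20.30.40",   # guest network, 10.x.y.z/24
    "1.192.168.0",   # contains "192.168.0" but is not in 192.168.0.0/24
    "10.1.172.16",   # contains "172.16" but is not in 172.16.0.0/16
]

# Candidate netfilter values discussed in the thread, keyed by labels chosen here.
FILTERS = {
    "default_conf":  r".",                      # shipped uncommented line: matches everything
    "original_post": r"172\.1[6789]\.",         # Sampson Fung's filter, dots escaped
    "unescaped":     r"192.168.0|172.16",       # nedi.conf sample, dots unescaped
    "anchored":      r"^192\.168\.0|^172\.16",  # pc_sg's corrected form
    "skip_guests":   r"^(?!10\.).*$",           # negative lookahead with the dot escaped
}


def passes_netfilter(ip: str, netfilter: str) -> bool:
    """Mirror the libsnmp.pm check quoted in the thread, `$ip !~ /$misc::netfilter/`:
    the device is skipped unless the pattern matches somewhere in the address."""
    return re.search(netfilter, ip) is not None


def filter_ips(ips, netfilter):
    """Return the addresses a discovery run would keep under this netfilter."""
    return [ip for ip in ips if passes_netfilter(ip, netfilter)]


def compare_filters(ips, filters):
    """Run every candidate filter over the same addresses for side-by-side review."""
    return {label: filter_ips(ips, pattern) for label, pattern in filters.items()}


if __name__ == "__main__":
    for label, kept in compare_filters(SAMPLE_IPS, FILTERS).items():
        print(f"{label:14s} {FILTERS[label]!r:26s} -> {kept}")
```

Running it shows why rickli's two remarks matter: with `netfilter .` left uncommented every address passes, so a second, stricter line changes nothing, and the unescaped sample keeps `1.192.168.0` and `10.1.172.16` while the anchored form rejects them. Note that `^172\.16` still accepts an address such as 172.160.x.x; a trailing `\.` (`^172\.16\.`) closes that gap.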