Security Basics mailing list archives
RE: Network scanning
From: Rory <nazgul () csn ul ie>
Date: Fri, 8 Aug 2003 18:28:29 +0100 (IST)
Yup, you're quite right, I was wrong on this one alright. I didn't intend my answer to be taken up as a whole soln, although looking at my post I made very little effort to clarify this.

So seeing as my lame idea got shot down, I have a question: is there any point in putting in MAC filters then? If you're going to use something else to authenticate the hosts joining the network, what's the point? Is there anything to be actually gained by it? I thought it was a good thing to add in anyways as it is a simple thing to do and it's an extra check, albeit an easily circumvented one.

On Fri, 8 Aug 2003, David wrote:
Rory, the first packet from the wireless client that is sniffed gives away the MAC address. Unless you tunnel the wireless connection, the MAC address is out in the open, not encrypted. IPsec won't help either. Same deal. And if you VPN tunnel, you have to be able to DENY the MAC addresses on the two sides of the tunnel, so that when they sniff the tunnel, they don't use THOSE MACs.

Maybe you want to withdraw your comment on this.

-----Original Message-----
From: Rory [mailto:nazgul () csn ul ie]
Sent: Friday, August 08, 2003 12:23 AM
To: netsec novice
Cc: security-basics () securityfocus com
Subject: Re: Network scanning

For the wireless stuff I would just do MAC filtering: any host that is not in the list of MAC addresses is not allowed to join the wireless network. Of course the network traffic can still be sniffed using any laptop, but you can just encrypt the traffic over wireless as you suggested. The MAC filtering is something easy to set up and makes sure you don't end up handing out access to the network to some dude out in the parking lot.

As for the other stuff, I'm not too sure, as SNMP is not something I have used. Running a snort box in the network checking for scanning activity is also a good precaution; that way you are also guarding against any unhappy employees looking to make your job harder.

On Thu, 7 Aug 2003, netsec novice wrote:

Are there tools out there that would allow system administrators to be notified when a new workstation attaches to a network? I'm thinking both wireless and ethernet in this case. SNMP maybe? I am in a credit union environment and my concern is that someone would be able to steal an existing jack or a jack that is not physically protected but live and be able to capture traffic or do reconnaissance. We don't have wireless access at this point but may look to it in the future. My only thought in that case would be to encrypt all traffic since wireless security is a bit scary at this point. Any ideas?
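As an added example, not written by any poster in this thread: one way to get the notification netsec novice asks about is to compare successive neighbour-table snapshots against an inventory of authorised adapters, which also surfaces the case David describes, where an allow-listed MAC address is reused by a second machine. The inventory, the addresses and the Linux `ip neigh`-style snapshots below are constructed assumptions.

```python
import re

# Constructed inventory of authorised adapters (assumption, not from the thread).
KNOWN_MACS = {"00:0c:29:aa:bb:01", "00:0c:29:aa:bb:02"}

# Constructed neighbour-table snapshots in Linux `ip neigh` output format.
SNAPSHOT_1 = """\
10.0.0.11 dev eth0 lladdr 00:0c:29:aa:bb:01 REACHABLE
10.0.0.12 dev eth0 lladdr 00:0c:29:aa:bb:02 STALE
"""
SNAPSHOT_2 = """\
10.0.0.11 dev eth0 lladdr 00:0c:29:aa:bb:01 REACHABLE
10.0.0.12 dev eth0 lladdr 00:0c:29:aa:bb:02 REACHABLE
10.0.0.57 dev eth0 lladdr 00:0C:29:AA:BB:02 REACHABLE
10.0.0.90 dev eth0 lladdr 00:50:56:de:ad:01 DELAY
10.0.0.91 dev eth0  FAILED
"""

LINE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9A-Fa-f:]{17}) (\S+)$")

def parse_neigh(text):
    """Return {mac: set(ips)} for entries that resolved to a link-layer address."""
    seen = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(4) in ("FAILED", "INCOMPLETE"):
            continue  # unresolved entries carry no MAC to judge
        seen.setdefault(m.group(3).lower(), set()).add(m.group(1))
    return seen

def review(previous, current, known=KNOWN_MACS):
    """Compare two snapshots; return a sorted list of (kind, mac, ips) alerts."""
    alerts = []
    for mac, ips in current.items():
        if mac not in known:
            if mac not in previous:  # alert once, when the host first appears
                alerts.append(("new-unknown-host", mac, sorted(ips)))
        elif len(ips) > 1:
            # An allow-listed MAC answering for several IPs at once is either
            # a multi-homed host or a reused address: it needs a human look.
            alerts.append(("known-mac-multiple-ips", mac, sorted(ips)))
    return sorted(alerts)

def demo():
    return review(parse_neigh(SNAPSHOT_1), parse_neigh(SNAPSHOT_2))

if __name__ == "__main__":
    for alert in demo():
        print(alert)
```

A MAC allow-list alone would admit the second `00:0c:29:aa:bb:02` entry; only the comparison against where that address was already seen makes it visible.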