Security Basics mailing list archives
RE: Network scanning
From: White-Tiger <white-tiger () rocketmail com>
Date: Mon, 11 Aug 2003 22:39:19 -0700 (PDT)
If you are in a switched network... some switches support snmp traps for link up/down. if port 12 is unused... and you get a trap that is just went UP... the bingo... someone is on. also... you get set it up so that if yoiu have a workstation with a link that goes down/up/down/ or some pattern... your helpdesk can see it... can call to make sure everything is ok... that way you might catch standard user problems before they have to call you. what great customer service :) looks good for you. wt --- Simon <simon () snosoft com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 One thing that you could do is use a tool that would send an ICMP packet to all possible addresses in your particular network. That won't detect all connecting hosts, in particular if someone jacks in to sniff only, but that assumes that your network is hub based. If your network is switch based then people will have a hard time logging in and sniffing without being detected as they'd normally have to ARP poison the switch or do something else that would be detectable. So... the simple 99% answer is, ping all possible IP addresses once, if you get a response from an address thats not supposed to be there... well... then you'll know. Also, if you use DHCP then you could watch the DHCP log for new systems... thats not super difficult either. - -----Original Message----- From: netsec novice [mailto:netsec9 () hotmail com] Sent: Thursday, August 07, 2003 1:51 PM To: security-basics () securityfocus com Subject: Network scanning Are there tools out there that would allow system administrators to be notified when a new workstation attaches to a network? I'm thinking both wireless and ethernet in this case. SNMP maybe? I am in a credit union environment and my concern is that someone would be able to steal an existing jack or a jack that is not physically protected but live and be able to capture traffic or do reconaissance. We don't have Wireless access at this point but may look to it in the future. My only thought in that case would be to encrypt all traffic since wireless security is a bit scary at this point. Any ideas?
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail -
----------------------------------------------------------------------
- ----- -
----------------------------------------------------------------------
- ------ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBPzc8mLR5YB3MHZrzEQIvJACfb4SAmdXUjJO/IIF8MUlD8ZW7eJoAoNwa
al4RKIPk0+/E12goPnm8nyZD =RnNW -----END PGP SIGNATURE-----
---------------------------------------------------------------------------
----------------------------------------------------------------------------
__________________________________ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Network scanning netsec novice (Aug 07)
- Re: Network scanning Rory (Aug 07)
- Re: Network scanning Sebastian Schneider (Aug 08)
- RE: Network scanning Paul Farag (Aug 08)
- Re: Network scanning James Fields (Aug 07)
- RE: Network scanning Simon (Aug 11)
- RE: Network scanning White-Tiger (Aug 12)
- Re: Network scanning himicos (Aug 13)
- <Possible follow-ups>
- Re: Network scanning Bradley Adams (Aug 07)
- Re: Network scanning Jeff MacDonald (Aug 07)
- RE: Network scanning Jason Armstrong (Aug 08)
- RE: Network scanning CHRIS GRABENSTEIN (Aug 08)
- Re: Network scanning Sebastian Schneider (Aug 08)
- Re: Network scanning White-Tiger (Aug 11)
- Re: Network scanning Sebastian Schneider (Aug 11)
- RE: Network scanning Ethan (Aug 12)
- Re: Network scanning Jeff Lumley (Aug 12)
- Re: Network scanning Sebastian Schneider (Aug 08)
- Re: Network scanning Rory (Aug 07)