Security Basics mailing list archives
RE: How to find a changing IP on ethernet network
From: "Gary Freeman" <Gary.Freeman () rci rogers com>
Date: Tue, 2 Mar 2004 17:01:11 -0500
I thought the buzzword for that was CSA - Cisco Security Agent. We were invited to Cisco after our company got "blasted" last year for a demo of the "agent" that they had newly acquired during the summer of worms. Guess they decided to change the branding of the product (again). The product fell short of supporting everything we are up against.

G :-)

-----Original Message-----
From: Hoang, Binh P,,DMDCWEST [mailto:Hoangbp () osd pentagon mil]
Sent: Tuesday, March 02, 2004 1:10 PM
To: Gary Freeman; Hoang, Binh P,,DMDCWEST; Khaled; gillettdavid () fhda edu; Bhavani Suresh; Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA; security-basics () securityfocus com
Subject: RE: How to find a changing IP on ethernet network

Yeah, 802.1x is cool! We're in the process of implementing 802.1x for our Wireless LAN (using Cisco Aironet 1200 APs). It is a lot more secure than WEP.

Another buzzword that Cisco is throwing around is Network Admission Control (NAC), which is part of their new Cisco Self-Defending Network Initiative. Cisco is working with several anti-virus vendors to develop what they call Cisco Trust Agent that resides on an endpoint system and communicates with the Cisco network. What this agent does is, it collects information from anti-virus clients and communicates this info to the Cisco network where access control decisions are made/enforced. As of right now, Cisco has partnerships with NAI, Symantec and Trend Micro, but they said that they will have more partners in the future.

This sounds pretty interesting, doesn't it?

Binh

-----Original Message-----
From: Gary Freeman [mailto:Gary.Freeman () rci rogers com]
Sent: Tuesday, March 02, 2004 9:54 AM
To: Hoang, Binh P,,DMDCWEST; Khaled; gillettdavid () fhda edu; Bhavani Suresh; Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA; security-basics () securityfocus com
Subject: RE: How to find a changing IP on ethernet network

Hey there,

Port Security is a good Cisco feature for a small LAN but when working with large networks with roaming users, I would use Port Authentication in conjunction with Port Security. Cisco's new buzzword for this is Identity Based Network Security (IBNS) and uses 802.1x at the client level (supplicant) to authenticate the user against a RADIUS server. The switch acts as an authentication proxy and will enable or disable the port based on the RADIUS response to the MD5 challenge. The best part of doing dot1x with Port Security is that the MAC addresses are stored in the user profile centrally and don't require each switch port to be hard-coded with the MAC address.

Cheers,

Gary Freeman
Network Security Specialist
RSS-IT Security Team
Rogers Communications Inc.

-----Original Message-----
From: Hoang, Binh P,,DMDCWEST [mailto:Hoangbp () osd pentagon mil]
Sent: Monday, March 01, 2004 7:02 PM
To: 'Khaled'; gillettdavid () fhda edu; 'Bhavani Suresh'; 'Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA'; security-basics () securityfocus com
Subject: RE: How to find a changing IP on ethernet network

I'm sure he meant SNMP trap not SMTP. Anyhow, it's all good!

Binh

-----Original Message-----
From: Khaled [mailto:lists () sonicc net]
Sent: Monday, March 01, 2004 12:21 PM
To: gillettdavid () fhda edu; 'Bhavani Suresh'; 'Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA'; security-basics () securityfocus com
Subject: RE: How to find a changing IP on ethernet network

Hi David,

If this wasn't the security basics list I would not have replied :)

The trap you refer to is of course an SNMP trap not SMTP trap (sorry about being @nal)

Regards,
K.

-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Saturday, 28 February 2004 5:18 AM
To: 'Bhavani Suresh'; 'Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA'; security-basics () securityfocus com
Subject: RE: How to find a changing IP on ethernet network

If you're using Cisco Catalyst switches, this feature is called "port security". Enable it, tell it how many MAC addresses to allow per port, and whether, when this number is exceeded, to issue an SMTP trap to your Network Management package, or shut down the switch port.

Of course, if you're using some other equipment, you need to find out what features, if any, that equipment offers.

David Gillett

-----Original Message-----
From: Bhavani Suresh [mailto:bhavani.suresh () adnoc-dist co ae]
Sent: Wednesday, February 25, 2004 2:36 AM
To: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA; security-basics () securityfocus com
Subject: RE: How to find a changing IP on ethernet network

Following up this... I want to know at the network level any software can bind the MAC addresses to the ports (and to take current MAC addresses in the network automatically) so that no new IP address can be allocated without the consent of the network admin. This will also ensure security so that no one just plugs in a PC or laptop.

Any idea?

-----Original Message-----
From: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA [mailto:lists () infostruct net]
Sent: Saturday, February 21, 2004 20:12
To: security-basics () securityfocus com
Subject: Re: How to find a changing IP on ethernet network

Ivan,

This is an interesting situation. Here are a few possible ways to address it:

1. Send an e-mail to the user community explaining the problem and asking them to leave their IP address configurations alone.

2. In case you don't know, as the new system boots it announces its IP address to the network. If another system already has that IP address, it will reply and the new system will shut down the interface running the duplicate IP.

   a. From the new system, run the arp command (arp -a).

      C:\> arp -a

      Interface: 192.168.2.100 --- 0x20002
        Internet Address      Physical Address      Type
        192.168.2.1           00-06-25-c0-93-65     dynamic

      This will list the IP address and associated MAC (hardware) address (e.g. 00-06-25-c0-93-65).

   b. Now all you need to do is find out which system has that MAC address:

      C:\> ipconfig /all
      (output abbreviated)
      Physical Address. . . . . . . . . : 00-06-25-c0-93-65

3. You could also use tcpdump or windump (http://windump.polito.it) to sniff the network traffic for that specific IP and view the resulting dump file with Ethereal (http://www.ethereal.com). This is a bit advanced for the average user.

If you have any additional questions, please do not hesitate to contact me.

Kind regards,

Gideon

Gideon T. Rasmussen
CISSP, CISM, CFSO, SCSA
Boca Raton, FL
gideon () infostruct net

National Security Awareness Day - September 10, 2004 - Are you aware?

Subject: How to find a changing IP on ethernet network
From: Ivan Andres Hernandez Puga <ivan.hernandez () globalsis com ar>
Date: Fri, 20 Feb 2004 11:54:29 -0300
To: security-basics () securityfocus com

Hello.

I have a client with a simple Ethernet network with hubs connecting, and there is one person that is changing its IP and creating conflicts. What would you do to track down that person? I mean, to find who does that?

Thanks!

Ivan Hernandez
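A single `arp -a`, as used in step 2 of the earliest reply quoted above, shows only the most recent MAC seen for each IP, so catching a host that keeps changing its address means comparing captures taken over time. The following is an added example, not part of the original thread: the capture times and every address in `SNAPSHOTS` are constructed sample data, and `parse_arp` and `analyze` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample input: `arp -a` output (Windows layout, as in the thread)
# captured three times from one workstation. All addresses are made up.
HEADER = ("Interface: 192.168.2.100 --- 0x20002\n"
          "  Internet Address      Physical Address      Type\n")
SNAPSHOTS = {
    "09:00": HEADER + ("  192.168.2.1     00-06-25-c0-93-65   dynamic\n"
                       "  192.168.2.23    00-0c-29-aa-bb-01   dynamic\n"
                       "  192.168.2.40    00-50-56-11-22-33   dynamic\n"),
    "09:30": HEADER + ("  192.168.2.1     00-06-25-c0-93-65   dynamic\n"
                       "  192.168.2.57    00-0C-29-AA-BB-01   dynamic\n"
                       "  192.168.2.40    00-50-56-11-22-33   dynamic\n"),
    "10:00": HEADER + ("  192.168.2.1     00-06-25-c0-93-65   dynamic\n"
                       "  192.168.2.40    00-0c-29-aa-bb-01   dynamic\n"),
}

# One table row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(r"^[ \t]*(\d{1,3}(?:\.\d{1,3}){3})[ \t]+"
                   r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})[ \t]+(\w+)", re.I | re.M)

def parse_arp(text):
    """Return (ip, mac) pairs for the dynamic entries in `arp -a` output."""
    return [(ip, mac.lower()) for ip, mac, kind in ENTRY.findall(text)
            if kind.lower() == "dynamic"]

def analyze(snapshots):
    """Correlate captures; return (moving MACs, contested IPs, timeline)."""
    ips_by_mac, macs_by_ip = defaultdict(set), defaultdict(set)
    timeline = defaultdict(list)
    for ts in sorted(snapshots):
        for ip, mac in parse_arp(snapshots[ts]):
            ips_by_mac[mac].add(ip)
            macs_by_ip[ip].add(mac)
            # Record only the moments at which a MAC shows up on a new IP.
            if not timeline[mac] or timeline[mac][-1][1] != ip:
                timeline[mac].append((ts, ip))
    moving = {m: sorted(i) for m, i in ips_by_mac.items() if len(i) > 1}
    contested = {i: sorted(m) for i, m in macs_by_ip.items() if len(m) > 1}
    return moving, contested, {m: timeline[m] for m in moving}

if __name__ == "__main__":
    moving, contested, timeline = analyze(SNAPSHOTS)
    for mac, hops in timeline.items():
        print(mac, "->", ", ".join(f"{ip} at {ts}" for ts, ip in hops))
    for ip, macs in contested.items():
        print("conflict on", ip, "between", " and ".join(macs))
```

One MAC answering for several IPs can be legitimate (for example a router doing proxy ARP), so a flagged MAC should still be matched to a machine with `ipconfig /all` as the message describes.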