Educause Security Discussion mailing list archives
Re: Rootkit discovery tools
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Wed, 28 Jun 2006 14:29:33 -0400
On Tue, 27 Jun 2006 09:42:14 EDT, Caroline Couture said:
> How would you do this kind of scan? Would you have the computer on the network and scan the IP with nmap, or do something else so the computer is not live on the network?
I'd configure their port 'down' at the switch end of the cable, and then unplug the cat-5 at the system end, and replace it with a crossover cable connected to a laptop that's been ifconfig'ed to appear to be on the subnet the computer was on, and then launch the nmap from the laptop.

Bonus points if you use a VLAN solution to put them on a different VLAN with the same IP address to save having to make a house call, and/or if your laptop solution leverages ARP and/or ICMP Redirect to either autoconfigure itself onto the correct "subnet" or snarf up the IP address of the default router...

If you're still using thinwire rather than cat-5, your jump bag should have the pieces needed to build a 2-foot-long thinwire network - I keep an old 8-port stupid hub (you want a hub, not a switch, here) with a thinwire uplink port for just such occasions. Every time I think we've stamped out thinwire campus-wide, I get proven wrong in an encounter with ancient lab equipment on a homegrown private network.
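The ARP-based autoconfiguration mentioned in the message could look like the following added example (not part of the original post): it parses ARP requests heard on the crossover link and infers the isolated host's IP plus the address it asks for most often, which is assumed here to be its default router. The frames, the MAC and the 192.0.2.x addresses are constructed sample data, and all function names are hypothetical.

```python
import ipaddress
import struct
from collections import Counter

ETHERTYPE_ARP = 0x0806

def parse_arp_request(frame):
    """Return (sender_ip, target_ip) for an IPv4-over-Ethernet ARP request, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    header = struct.unpack("!HHBBH", frame[14:22])
    if header != (1, 0x0800, 6, 4, 1):  # Ethernet, IPv4, 6-byte MAC, 4-byte IP, request
        return None
    _sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return ipaddress.IPv4Address(spa), ipaddress.IPv4Address(tpa)

def infer_addresses(frames):
    """Guess the isolated host's IP and the router IP (assumed: its most-requested target)."""
    hosts, targets = Counter(), Counter()
    for frame in frames:
        parsed = parse_arp_request(frame)
        if parsed is None:
            continue
        spa, tpa = parsed
        if int(spa) == 0:   # ARP probe: the host has not claimed an address yet
            continue
        hosts[spa] += 1
        if spa != tpa:      # gratuitous ARP names no other host, so skip it
            targets[tpa] += 1
    top = lambda counts: counts.most_common(1)[0][0] if counts else None
    return top(hosts), top(targets)

def build_arp_request(mac, spa, tpa):
    """Build a constructed broadcast ARP request frame for the sample data below."""
    eth = b"\xff" * 6 + mac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + mac + ipaddress.IPv4Address(spa).packed
    return eth + arp + b"\x00" * 6 + ipaddress.IPv4Address(tpa).packed

# Constructed sample capture (documentation addresses, locally administered MAC).
MAC = bytes.fromhex("020000000001")
SAMPLE_FRAMES = [
    build_arp_request(MAC, "0.0.0.0", "192.0.2.57"),      # probe
    build_arp_request(MAC, "192.0.2.57", "192.0.2.57"),   # gratuitous announcement
    build_arp_request(MAC, "192.0.2.57", "192.0.2.1"),
    build_arp_request(MAC, "192.0.2.57", "192.0.2.20"),
    build_arp_request(MAC, "192.0.2.57", "192.0.2.1"),
    b"\xff" * 6 + MAC + b"\x08\x00" + b"\x00" * 46,        # non-ARP frame, ignored
]
print(infer_addresses(SAMPLE_FRAMES))  # host first, then router
```

The inferred pair gives the laptop what it needs to sit on the same subnet before the nmap run; capturing the frames themselves is left out and would need a raw socket or a packet capture on the crossover interface.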