Penetration Testing mailing list archives

Re: OT: the detection of illegal gateways


From: Marco Ivaldi <raptor () mediaservice net>
Date: Thu, 10 Jun 2010 17:40:09 +0200 (ora legale Europa occidentale)

On Mon, 17 May 2010, J Hein wrote:

[snip]

> Are there any good products for detecting illegally installed boxes with a routing capability?

I don't believe anybody mentioned Metasploit's Rogue Link Detection Project from 2005. White paper and related tools are available here:

http://www.metasploit.com/research/projects/rogue_network/

Summary:

Unauthorized network links are one of the biggest problems facing large enterprise networks. Users intent on bypassing corporate proxies will often use cable modems, wireless networks, or even full-fledged T1s to access the internet. These network links can have a drastic effect on organizational security; any perimeter access controls are completely bypassed, making it nearly impossible for the administrators to effectively concentrate their monitoring and intrusion prevention efforts. This document attempts to describe different approaches and techniques that can be used to detect these rogue network links.

Also, the Metasploit Framework includes a couple of modules for automating the process:

http://www.metasploit.com/modules/auxiliary/scanner/rogue/rogue_recv
http://www.metasploit.com/modules/auxiliary/scanner/rogue/rogue_send

Hope this helps,

--
------------------------------------------------------------------
Marco Ivaldi                          OPSA, OPST, OWSE
Senior Security Advisor
@ Mediaservice.net Srl                Tel: +39-011-32.72.100
Via San Bernardino, 17                Fax: +39-011-32.46.497
10141 Torino - ITALY                  http://www.mediaservice.net/
------------------------------------------------------------------
PGP Key - https://keys.mediaservice.net/m_ivaldi.asc

