Penetration Testing mailing list archives
Re: OT: the detection of illegal gateways
From: Marco Ivaldi <raptor () mediaservice net>
Date: Thu, 10 Jun 2010 17:40:09 +0200 (ora legale Europa occidentale)
On Mon, 17 May 2010, J Hein wrote: [snip]
Are there any good products for detecting illegally installed boxes with a routing capability?
I don't believe anybody mentioned Metasploit's Rogue Link Detection Project from 2005. White paper and related tools are available here:
http://www.metasploit.com/research/projects/rogue_network/ Summary:Unauthorized network links are one of the biggest problems facing large enterprise networks. Users intent on bypassing corporate proxies will often use cable modems, wireless networks, or even full-fledged T1s to access the internet. These network links can have a drastic affect on organizational security; any perimeter access controls are completely bypassed, making it nearly impossible for the administrators to effectively concentrate their monitoring and intrusion prevention efforts. This document attempts to describe different approaches and techniques that can be used to detect these rogue network links.
Also, the Metasploit Framework includes a couple of modules for automating the process:
http://www.metasploit.com/modules/auxiliary/scanner/rogue/rogue_recv http://www.metasploit.com/modules/auxiliary/scanner/rogue/rogue_send Hope this helps, -- ------------------------------------------------------------------ Marco Ivaldi OPSA, OPST, OWSE Senior Security Advisor @ Mediaservice.net Srl Tel: +39-011-32.72.100 Via San Bernardino, 17 Fax: +39-011-32.46.497 10141 Torino - ITALY http://www.mediaservice.net/ ------------------------------------------------------------------ PGP Key - https://keys.mediaservice.net/m_ivaldi.asc ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Re: OT: the detection of illegal gateways matteo filippetto (Jun 01)
- <Possible follow-ups>
- Re: OT: the detection of illegal gateways Marco Ivaldi (Jun 14)