Snort mailing list archives
RE: Rogue DHCP servers
From: "Martin Jr., D. Michael" <martinm () montevallo edu>
Date: Fri, 31 Oct 2003 07:23:13 -0600
ACLs are your friends. BUT, when you have legacy wiring and hubs and all of the users on one VLAN (and that is your only choice because of the wiring and existing infrastructure), ACLs aren't that viable. In our setting, each person in our residence halls is connected to a 10Mb Baystack Hub. In turn, each building (with multiple hubs in the building) is then connected to a central campus Cisco switch. We could implement ACLs at that switch level but that does not keep students from putting DHCP servers (and routers...and they buy those for their rooms all the time) within the building. I need to use Snort to detect those routers in those building proactively so we can go and find them and disconnect them from the network so that services can be restored to the rest of the student population. Thanks, Michael -----Original Message----- From: Jason Haar [mailto:Jason.Haar () trimble co nz] Sent: Thursday, October 30, 2003 6:28 PM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] Rogue DHCP servers On Thu, Oct 30, 2003 at 04:58:27PM -0600, Martin Jr., D. Michael wrote:
No. It is a residence hall network. Therefore, we have anything and everything imaginable (FreeBSD, Linux, Windows, MacOS, etc...).
ACLs on switches are your friends... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Rogue DHCP servers Martin Jr., D. Michael (Oct 30)
- Re: Rogue DHCP servers Bennett Todd (Oct 31)
- <Possible follow-ups>
- RE: Rogue DHCP servers Kaplan, Andrew H. (Oct 30)
- RE: Rogue DHCP servers Martin Jr., D. Michael (Oct 30)
- Re: Rogue DHCP servers Jason Haar (Oct 30)
- RE: Rogue DHCP servers Kaplan, Andrew H. (Oct 31)
- RE: Rogue DHCP servers Martin Jr., D. Michael (Oct 31)
- RE: Rogue DHCP servers Gilbert Mendoza (Oct 31)
- RE: Rogue DHCP servers Gilbert Mendoza (Oct 31)
- Re: Rogue DHCP servers Jon Hart (Oct 31)
- RE: Rogue DHCP servers Gilbert Mendoza (Oct 31)