Security Basics mailing list archives
Re: Network scanning
From: Sebastian Schneider <ses () straightliners de>
Date: Fri, 8 Aug 2003 01:34:58 +0200
Actually, even MAC addresses could be spoofed.So if it's some kind of critical or privileged system you're dealing with, just
filtering MACs won't be enough. As netsec pointed out, placing NIDS sensors like snort (www.snort.org) could fit your company's needs. Please take account of WEP encryption is not sufficient if you want to get sure, since sniffers like KisMac can compute matching passwords used in your WEP environment really fast. Sebastian ----------------------------- straightLiners IT Consulting & Services Sebastian Schneider Metzer Str. 12 13595 Berlin Germany Phone: +49-30-3510-6168 Fax: +49-30-35106-169 Mail: ses () straightliners deDiese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben,
informieren Sie bitte sofort den Absender und vernichten Sie diese Mail.Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or
distribution of the material in this e-mail is strictly forbidden. On Friday, August 8, 2003, at 12:22 AM, Rory wrote:
for the wireless stuff I would just do mac filtering, any host that is not in the list of mac address is not allowed to join the wireless network. Of course the network traffic can still be sniffed using any laptop but youcan just encrypt the traffic over wireless as you suggested. The mac filtering is something easy to setup and makes sure you don't end uphanding out access to the network to some dude out in in the parking lot.AS for the other stuff i'm not too sure as SNMP is not something I haveused, running a snort box in the network checking for scanning activity is also a good precaution that way you are also guarding against any unhappyemployee's looking to make your job harder. On Thu, 7 Aug 2003, netsec novice wrote:Are there tools out there that would allow system administrators to benotified when a new workstation attaches to a network? I'm thinking both wireless and ethernet in this case. SNMP maybe? I am in a credit unionenvironment and my concern is that someone would be able to steal anexisting jack or a jack that is not physically protected but live and be able to capture traffic or do reconaissance. We don't have Wireless access at this point but may look to it in the future. My only thought in that case would be to encrypt all traffic since wireless security is a bit scaryat this point. Any ideas? _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail---------------------------------------------------------------------- ----- ---------------------------------------------------------------------- ----------------------------------------------------------------------------- ---- ----------------------------------------------------------------------- -----
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Network scanning netsec novice (Aug 07)
- Re: Network scanning Rory (Aug 07)
- Re: Network scanning Sebastian Schneider (Aug 08)
- RE: Network scanning Paul Farag (Aug 08)
- Re: Network scanning James Fields (Aug 07)
- RE: Network scanning Simon (Aug 11)
- RE: Network scanning White-Tiger (Aug 12)
- Re: Network scanning himicos (Aug 13)
- <Possible follow-ups>
- Re: Network scanning Bradley Adams (Aug 07)
- Re: Network scanning Jeff MacDonald (Aug 07)
- RE: Network scanning Jason Armstrong (Aug 08)
- RE: Network scanning CHRIS GRABENSTEIN (Aug 08)
- Re: Network scanning Sebastian Schneider (Aug 08)
(Thread continues...)
- Re: Network scanning Rory (Aug 07)