Re: Network scanning

[Sebastian Schneider <ses () straightliners de>]

Actually, even MAC addresses could be spoofed.
So if it's some kind of critical or privileged system you're dealing  
with, just
filtering MACs won't be enough. As netsec pointed out, placing NIDS
sensors like snort (www.snort.org) could fit your company's needs.
Please take account of WEP encryption is not sufficient if you want to
get sure, since sniffers like KisMac can compute matching passwords
used in your WEP environment really fast.

Sebastian

-----------------------------
straightLiners IT Consulting & Services
Sebastian Schneider
Metzer Str. 12
13595 Berlin
Germany

Phone: +49-30-3510-6168
Fax: +49-30-35106-169
Mail: ses () straightliners de


Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte  
Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich  
erhalten haben,
informieren Sie bitte sofort den Absender und vernichten Sie diese Mail.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist  
nicht gestattet.

This e-mail may contain confidential and/or privileged information. If  
you are not the
intended recipient (or have received this e-mail in error) please  
notify the sender
immediately and destroy this e-mail. Any unauthorized copying,  
disclosure or
distribution of the material in this e-mail is strictly forbidden.

On Friday, August 8, 2003, at 12:22 AM, Rory wrote:

> for the wireless stuff I would just do mac filtering, any host that is  
> not
> in the list of mac address is not allowed to join the wireless  
> network. Of
> course the network traffic can still be sniffed using any laptop but  
> you
> can just encrypt the traffic over wireless as you suggested. The mac
> filtering is something easy to setup and makes sure you don't end up
> handing out access to the network to some dude out in in the parking  
> lot.
>
> AS for the other stuff i'm not too sure as SNMP is not something I have
> used, running a snort box in the network checking for scanning  
> activity is
> also a good precaution that way you are also guarding against any  
> unhappy
> employee's looking to make your job harder.
>
> On Thu, 7 Aug 2003, netsec novice wrote:
>
> > Are there tools out there that would allow system administrators to be
> > notified when a new workstation attaches to a network?  I'm thinking  
> > both
> > wireless and ethernet in this case.  SNMP maybe?  I am in a credit  
> > union
> > environment and my concern is that someone would be able to steal an
> > existing jack or a jack that is not physically protected but live and  
> > be
> > able to capture traffic or do reconaissance.  We don't have Wireless  
> > access
> > at this point but may look to it in the future.  My only thought in  
> > that
> > case would be to encrypt all traffic since wireless security is a bit  
> > scary
> > at this point.  Any ideas?
> >
> > _________________________________________________________________
> > The new MSN 8: smart spam protection and 2 months FREE*
> > http://join.msn.com/?page=features/junkmail
> >
> >
> > ---------------------------------------------------------------------- 
> > -----
> > ---------------------------------------------------------------------- 
> > ------
>
> ----------------------------------------------------------------------- 
> ----
> ----------------------------------------------------------------------- 
> -----


---------------------------------------------------------------------------
----------------------------------------------------------------------------