Security Basics mailing list archives

RE: Network scanning

From: Jason Armstrong <jarmstrong () technicacorp com>
Date: Fri, 8 Aug 2003 08:32:41 -0400

Remember that MAC addresses can be spoofed.

-----Original Message-----
From: Rory [mailto:nazgul () csn ul ie] 
Sent: Thursday, August 07, 2003 6:23 PM
To: netsec novice
Cc: security-basics () securityfocus com
Subject: Re: Network scanning

for the wireless stuff I would just do mac filtering, any host that is not
in the list of mac address is not allowed to join the wireless network. Of
course the network traffic can still be sniffed using any laptop but you can
just encrypt the traffic over wireless as you suggested. The mac filtering
is something easy to setup and makes sure you don't end up handing out
access to the network to some dude out in in the parking lot.

AS for the other stuff i'm not too sure as SNMP is not something I have
used, running a snort box in the network checking for scanning activity is
also a good precaution that way you are also guarding against any unhappy
employee's looking to make your job harder.

On Thu, 7 Aug 2003, netsec novice wrote:

Are there tools out there that would allow system administrators to be 
notified when a new workstation attaches to a network?  I'm thinking 
both wireless and ethernet in this case.  SNMP maybe?  I am in a 
credit union environment and my concern is that someone would be able 
to steal an existing jack or a jack that is not physically protected 
but live and be able to capture traffic or do reconaissance.  We don't 
have Wireless access at this point but may look to it in the future.  
My only thought in that case would be to encrypt all traffic since 
wireless security is a bit scary at this point.  Any ideas?

_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE* 
http://join.msn.com/?page=features/junkmail


----------------------------------------------------------------------
-----

----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Network scanning netsec novice (Aug 07)
- Re: Network scanning Rory (Aug 07)
  - Re: Network scanning Sebastian Schneider (Aug 08)
  - RE: Network scanning Paul Farag (Aug 08)
- Re: Network scanning James Fields (Aug 07)
- RE: Network scanning Simon (Aug 11)
  - RE: Network scanning White-Tiger (Aug 12)
  - Re: Network scanning himicos (Aug 13)
- <Possible follow-ups>
- Re: Network scanning Bradley Adams (Aug 07)
- Re: Network scanning Jeff MacDonald (Aug 07)
- RE: Network scanning Jason Armstrong (Aug 08)
- RE: Network scanning CHRIS GRABENSTEIN (Aug 08)
  - Re: Network scanning Sebastian Schneider (Aug 08)
    - Re: Network scanning White-Tiger (Aug 11)
    - Re: Network scanning Sebastian Schneider (Aug 11)
    - RE: Network scanning Ethan (Aug 12)
    - Re: Network scanning Jeff Lumley (Aug 12)
- Re: Network scanning c_brauckmiller (Aug 08)
- RE: Network scanning Rory (Aug 08)
- Re: Network scanning White-Tiger (Aug 11)
  - Re: Network scanning Sebastian Schneider (Aug 11)

(Thread continues...)