Security Basics mailing list archives
RE: Network scanning
From: "CHRIS GRABENSTEIN" <LFGRABC () LF VCCS EDU>
Date: Fri, 8 Aug 2003 08:19:34 -0400
I don't think there is a really good way to do it. Filtering by MAC on the access point is good, but MACs can be spoofed. The packets of course can still be sniffed which could provide a lot of info. I'd recommend something like LEAP authentication with Cisco access points. You have to use all-Cisco wireless equipment, but it seems to work well. Encryption on top of that wouldn't be a horrible idea.

As far as the hard wires, I think the best solution is to search out those unused ports and unplug them from the switch. They can be quickly reconnected if needed, and you'll know about it. Sniffing for traffic from new devices on the network is fine unless they use a sniffer cable which only allows traffic to flow in one direction. They're cheap and small. Also, just restricting who can grab an address via DHCP isn't good enough because they can still use a static IP or just sniff.

|-----Original Message-----
|From: netsec novice [mailto:netsec9 () hotmail com]
|Sent: Thursday, August 07, 2003 4:51 PM
|To: security-basics () securityfocus com
|Subject: Network scanning
|
|
|Are there tools out there that would allow system administrators to be
|notified when a new workstation attaches to a network? I'm thinking both
|wireless and ethernet in this case. SNMP maybe? I am in a credit union
|environment and my concern is that someone would be able to steal an
|existing jack or a jack that is not physically protected but live and be
|able to capture traffic or do reconnaissance. We don't have Wireless access
|at this point but may look to it in the future. My only thought in that
|case would be to encrypt all traffic since wireless security is a bit scary
|at this point. Any ideas?
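An added example, not part of the original message or thread: a check that compares a gateway's neighbour table against an asset inventory and the DHCP server's leases, so that a device using an unknown MAC, or a static IP outside DHCP, is flagged. The input format is that of `ip neigh show` on Linux; all addresses, the inventory and the lease table are constructed sample data. A purely passive listener, such as the one-way cable mentioned in the reply, never transmits and so never appears in this table.

```python
import re

# Constructed sample data (not from the original post).
KNOWN_MACS = {"00:16:3e:00:00:01", "00:16:3e:00:00:02"}    # asset inventory
DHCP_LEASES = {"10.0.0.11": "00:16:3e:00:00:01",            # ip -> mac, from the DHCP server
               "10.0.0.12": "00:16:3e:00:00:02"}
NEIGH_SAMPLE = """\
10.0.0.11 dev eth0 lladdr 00:16:3e:00:00:01 REACHABLE
10.0.0.12 dev eth0 lladdr 00:16:3E:00:00:02 STALE
10.0.0.50 dev eth0 lladdr 02:aa:bb:cc:dd:ee REACHABLE
10.0.0.77 dev eth0 lladdr 00:16:3e:00:00:01 REACHABLE
10.0.0.99 dev eth0  FAILED
"""

# Entries without a link-layer address (FAILED/INCOMPLETE) do not match.
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9A-Fa-f:]{17})\b")

def parse_neigh(text):
    """Yield (ip, mac) for each neighbour entry that has a resolved MAC."""
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower()

def audit(neigh_text, known_macs, leases):
    """Return a sorted list of (ip, mac, reason) findings."""
    findings, seen = [], {}
    for ip, mac in parse_neigh(neigh_text):
        seen.setdefault(mac, set()).add(ip)
        if mac not in known_macs:
            findings.append((ip, mac, "unknown MAC"))
        elif leases.get(ip) != mac:
            # Inventory MAC on an address DHCP never handed to it:
            # a static IP, or a spoofed copy of a trusted MAC.
            findings.append((ip, mac, "no matching DHCP lease"))
    for mac, ips in seen.items():
        if len(ips) > 1:
            findings.append((",".join(sorted(ips)), mac, "MAC seen on several IPs"))
    return sorted(findings)

if __name__ == "__main__":
    for ip, mac, reason in audit(NEIGH_SAMPLE, KNOWN_MACS, DHCP_LEASES):
        print(f"{ip:22} {mac}  {reason}")
```

Run on a schedule against the router's or a monitoring host's neighbour table, the findings list is what would be sent to the administrator.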