RE: Network scanning

[Rory <nazgul () csn ul ie>]

Yup you quite right, I was wrong on this one alright. I dind't intend my
answer to be taken up as a whole soln although looking at my post I made
very little effort to clarify this. So seeing as my lame idea got shot
down I have a question Is there any point in putting in mac filters the ?
If you going to use something else to authenticate the hosts joining the
network whats the point is there anything to be actually gained by it? I
thought it was a good thing to add in anyways as it is a simple thing to
do and it's an extra check, albeit and easily circumvented one.

On Fri, 8 Aug 2003, David wrote:

> Rory, the first packet from the wireless client that is sniffed gives away
> the  mac address.
> Unless you tunnel the wireless connection, the mac address is out in the
> open, not encrypted. ipsec won't help either. same deal. and if you vpn
> tunnel, you have to be able to DENY the mac addresses on the two sides of
> the tunnel, so that when they sniff the tunnel, they don't use THOSE mac's.
> Maybe you want to withdraw your comment on this
>
> -----Original Message-----
> From: Rory [mailto:nazgul () csn ul ie]
> Sent: Friday, August 08, 2003 12:23 AM
> To: netsec novice
> Cc: security-basics () securityfocus com
> Subject: Re: Network scanning
>
>
> for the wireless stuff I would just do mac filtering, any host that is not
> in the list of mac address is not allowed to join the wireless network. Of
> course the network traffic can still be sniffed using any laptop but you
> can just encrypt the traffic over wireless as you suggested. The mac
> filtering is something easy to setup and makes sure you don't end up
> handing out access to the network to some dude out in in the parking lot.
>
> AS for the other stuff i'm not too sure as SNMP is not something I have
> used, running a snort box in the network checking for scanning activity is
> also a good precaution that way you are also guarding against any unhappy
> employee's looking to make your job harder.
>
> On Thu, 7 Aug 2003, netsec novice wrote:
>
> > Are there tools out there that would allow system administrators to be
> > notified when a new workstation attaches to a network?  I'm thinking both
> > wireless and ethernet in this case.  SNMP maybe?  I am in a credit union
> > environment and my concern is that someone would be able to steal an
> > existing jack or a jack that is not physically protected but live and be
> > able to capture traffic or do reconaissance.  We don't have Wireless
> access
> > at this point but may look to it in the future.  My only thought in that
> > case would be to encrypt all traffic since wireless security is a bit
> scary
> > at this point.  Any ideas?
> >
> > _________________________________________________________________
> > The new MSN 8: smart spam protection and 2 months FREE*
> > http://join.msn.com/?page=features/junkmail
> >
> >
> > --------------------------------------------------------------------------
> -
> > --------------------------------------------------------------------------
> --
> >
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------