Security Basics mailing list archives

RE: Network scanning


From: "Simon" <simon () snosoft com>
Date: Sun, 10 Aug 2003 23:50:00 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

One thing that you could do is use a tool that would send an ICMP
packet to all possible addresses in your particular network.  That
won't detect all connecting hosts, in particular if someone jacks in
to sniff only, but that assumes that your network is hub based.  If
your network is switch based then people will have a hard time
logging in and sniffing without being detected as they'd normally
have to ARP poison the switch or do something else that would be
detectable.


So... the simple 99% answer is, ping all possible IP addresses once,
if you get a response from an address that's not supposed to be
there... well... then you'll know.

Also, if you use DHCP then you could watch the DHCP log for new
systems... that's not super difficult either.



- -----Original Message-----
From: netsec novice [mailto:netsec9 () hotmail com]
Sent: Thursday, August 07, 2003 1:51 PM
To: security-basics () securityfocus com
Subject: Network scanning


Are there tools out there that would allow system administrators to be
notified when a new workstation attaches to a network?  I'm thinking both
wireless and ethernet in this case.  SNMP maybe?  I am in a credit union
environment and my concern is that someone would be able to steal an
existing jack or a jack that is not physically protected but live and be
able to capture traffic or do reconnaissance.  We don't have Wireless access
at this point but may look to it in the future.  My only thought in that
case would be to encrypt all traffic since wireless security is a bit scary
at this point.  Any ideas?


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPzc8mLR5YB3MHZrzEQIvJACfb4SAmdXUjJO/IIF8MUlD8ZW7eJoAoNwa
al4RKIPk0+/E12goPnm8nyZD
=RnNW
-----END PGP SIGNATURE-----
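
Added example, not part of the original message: one way to do the "watch the DHCP log for new systems" check suggested in the reply above, by comparing leased MAC addresses against an inventory of known machines. It assumes ISC dhcpd syslog lines; the log lines, MAC addresses and names below are constructed sample data.

```python
import re

# Assumption: ISC dhcpd syslog lines; adjust the pattern for other DHCP servers.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5})"
    r"(?: \((?P<host>[^)]*)\))? via \S+"
)

# Constructed sample data: one inventoried workstation, one unknown device.
KNOWN_MACS = ["00-0C-29-AA-BB-01"]
SAMPLE_LOG = [
    "Aug 10 23:41:02 gw dhcpd: DHCPDISCOVER from 00:0c:29:aa:bb:01 via eth0",
    "Aug 10 23:41:03 gw dhcpd: DHCPACK on 192.168.1.20 to 00:0c:29:aa:bb:01 (teller1) via eth0",
    "Aug 10 23:44:10 gw dhcpd: DHCPACK on 192.168.1.77 to 00:A0:C9:12:34:56 via eth0",
    "Aug 10 23:50:10 gw dhcpd: DHCPACK on 192.168.1.77 to 00:a0:c9:12:34:56 (laptop) via eth0",
]

def normalize_mac(mac):
    """Lower-case, colon-separated form so inventory and log entries compare equal."""
    return mac.strip().lower().replace("-", ":")

def find_unknown_hosts(log_lines, known_macs):
    """Return {mac: details} for every leased MAC that is not in the inventory."""
    known = {normalize_mac(m) for m in known_macs}
    unknown = {}
    for line in log_lines:
        m = ACK_RE.match(line)
        if not m:  # DISCOVER/REQUEST lines and other daemons are ignored
            continue
        mac = normalize_mac(m.group("mac"))
        if mac in known:
            continue
        # Repeated leases for the same MAC collapse into one record.
        entry = unknown.setdefault(
            mac, {"first_seen": m.group("ts"), "ips": [], "host": None})
        if m.group("ip") not in entry["ips"]:
            entry["ips"].append(m.group("ip"))
        entry["host"] = entry["host"] or m.group("host")
    return unknown

if __name__ == "__main__":
    for mac, info in find_unknown_hosts(SAMPLE_LOG, KNOWN_MACS).items():
        print(f"unknown device {mac} first seen {info['first_seen']} "
              f"ips={info['ips']} host={info['host']}")
```

A device configured with a static address never requests a lease and will not appear in this log, so the check complements the ping sweep rather than replacing it.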

