Security Basics mailing list archives
RE: Network scanning
From: "Simon" <simon () snosoft com>
Date: Sun, 10 Aug 2003 23:50:00 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 One thing that you could do is use a tool that would send an ICMP packet to all possible addresses in your particular network. That won't detect all connecting hosts, in particular if someone jacks in to sniff only, but that assumes that your network is hub based. If your network is switch based then people will have a hard time logging in and sniffing without being detected as they'd normally have to ARP poison the switch or do something else that would be detectable. So... the simple 99% answer is, ping all possible IP addresses once, if you get a response from an address thats not supposed to be there... well... then you'll know. Also, if you use DHCP then you could watch the DHCP log for new systems... thats not super difficult either. - -----Original Message----- From: netsec novice [mailto:netsec9 () hotmail com] Sent: Thursday, August 07, 2003 1:51 PM To: security-basics () securityfocus com Subject: Network scanning Are there tools out there that would allow system administrators to be notified when a new workstation attaches to a network? I'm thinking both wireless and ethernet in this case. SNMP maybe? I am in a credit union environment and my concern is that someone would be able to steal an existing jack or a jack that is not physically protected but live and be able to capture traffic or do reconaissance. We don't have Wireless access at this point but may look to it in the future. My only thought in that case would be to encrypt all traffic since wireless security is a bit scary at this point. Any ideas? _________________________________________________________________ The new MSN 8: smart spam protection and 2 months FREE* http://join.msn.com/?page=features/junkmail - ---------------------------------------------------------------------- - ----- - ---------------------------------------------------------------------- - ------ -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPzc8mLR5YB3MHZrzEQIvJACfb4SAmdXUjJO/IIF8MUlD8ZW7eJoAoNwa al4RKIPk0+/E12goPnm8nyZD =RnNW -----END PGP SIGNATURE----- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Network scanning netsec novice (Aug 07)
- Re: Network scanning Rory (Aug 07)
- Re: Network scanning Sebastian Schneider (Aug 08)
- RE: Network scanning Paul Farag (Aug 08)
- Re: Network scanning James Fields (Aug 07)
- RE: Network scanning Simon (Aug 11)
- RE: Network scanning White-Tiger (Aug 12)
- Re: Network scanning himicos (Aug 13)
- <Possible follow-ups>
- Re: Network scanning Bradley Adams (Aug 07)
- Re: Network scanning Jeff MacDonald (Aug 07)
- RE: Network scanning Jason Armstrong (Aug 08)
- RE: Network scanning CHRIS GRABENSTEIN (Aug 08)
- Re: Network scanning Sebastian Schneider (Aug 08)
- Re: Network scanning White-Tiger (Aug 11)
- Re: Network scanning Sebastian Schneider (Aug 11)
- RE: Network scanning Ethan (Aug 12)
- Re: Network scanning Sebastian Schneider (Aug 08)
- Re: Network scanning Rory (Aug 07)