RE: Network scanning

[White-Tiger <white-tiger () rocketmail com>]

If you are in a switched network... some switches support
snmp traps for link up/down.

if port 12 is unused... and you get a trap that is just
went UP... the bingo... someone is on.  also... you get set
it up so that if yoiu have a workstation with a link that
goes down/up/down/ or some pattern... your helpdesk can see
it... can call to make sure everything is ok... that way
you might catch standard user problems before they have to
call you.  what great customer service :)

looks good for you.

wt
--- Simon <simon () snosoft com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> One thing that you could do is use a tool that would send
> an ICMP
> packet to all possible addresses in your particular
> network.  That
> won't detect all connecting hosts, in particular if
> someone jacks in
> to sniff only, but that assumes that your network is hub
> based.  If
> your network is switch based then people will have a hard
> time
> logging in and sniffing without being detected as they'd
> normally
> have to ARP poison the switch or do something else that
> would be
> detectable.
>
>
> So... the simple 99% answer is, ping all possible IP
> addresses once,
> if you get a response from an address thats not supposed
> to be
> there... well... then you'll know.  
>
> Also, if you use DHCP then you could watch the DHCP log
> for new
> systems... thats not super difficult either. 
>
>
>
> - -----Original Message-----
> From: netsec novice [mailto:netsec9 () hotmail com]
> Sent: Thursday, August 07, 2003 1:51 PM
> To: security-basics () securityfocus com
> Subject: Network scanning
>
>
> Are there tools out there that would allow system
> administrators to
> be 
> notified when a new workstation attaches to a network? 
> I'm thinking
> both 
> wireless and ethernet in this case.  SNMP maybe?  I am in
> a credit
> union 
> environment and my concern is that someone would be able
> to steal an 
> existing jack or a jack that is not physically protected
> but live and
> be 
> able to capture traffic or do reconaissance.  We don't
> have Wireless
> access 
> at this point but may look to it in the future.  My only
> thought in
> that 
> case would be to encrypt all traffic since wireless
> security is a bit
> scary 
> at this point.  Any ideas?
_________________________________________________________________
> The new MSN 8: smart spam protection and 2 months FREE*  
> http://join.msn.com/?page=features/junkmail
>
>
> -
----------------------------------------------------------------------
> - -----
> -
----------------------------------------------------------------------
> - ------
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 6.5.8 for non-commercial use
> <http://www.pgp.com>
iQA/AwUBPzc8mLR5YB3MHZrzEQIvJACfb4SAmdXUjJO/IIF8MUlD8ZW7eJoAoNwa
> al4RKIPk0+/E12goPnm8nyZD
> =RnNW
> -----END PGP SIGNATURE-----
---------------------------------------------------------------------------
>
----------------------------------------------------------------------------
>


__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
----------------------------------------------------------------------------