Security Basics mailing list archives

RE: Down with DHCP!!!!

From: "Bergert, David" <David.Bergert () rsmi com>
Date: Thu, 23 Feb 2006 07:53:20 -0600

Here is a better link with instructions:

http://forums.cacti.net/viewtopic.php?t=9336&postdays=0&postorder=asc&st
art=345

or

http://tinyurl.com/mbngo

 s

Cheers

David Bergert
Supervisor, Technology Risk Management Services
RSM McGladrey, Inc.
201 North Harrison Street, Suite. 300
Davenport, IA 52801
Office: 563-888-4023
Mobile: 563-650-6006
Fax: 563-324-6939
david.bergert () rsmi com
www.rsmmcgladrey.com

-----Original Message-----
From: Brian Loe [mailto:knobdy () gmail com] 
Sent: Wednesday, February 22, 2006 8:39 AM
Cc: security-basics () securityfocus com
Subject: Re: Down with DHCP!!!!

Since twenty people asked off-list, I'll just tell you that the
software we're currently using for logging/tracking of MAC/IPs is
Cacti (cacti.org I believe) and the add-on called "MacTrack".

The desktop group here actually uses their AV software to detect rogue
computers - scanning machines to verify the AV software is installed
and has the latest definitions (obviously, if it doesn't, it's not one
of theirs). This isn't free.

On 2/21/06, Brian Loe <knobdy () gmail com> wrote:

I would make jokes about your last comment, but I'm too weirded out by
this whole thread to even try. The company I work for, which is hardly
at the forefront of security, can tell you when a new machine is added
to the network, the instant it is added. Very soon, we'll be
implementing port security on all of our switches and a centralized
log server to gather data from every device on our network.

Your reasons for wanting to dump DHCP are as flawed as the original
poster's reasoning. Right now I can log into a FREE piece of software
I have implemented here and tell you what MAC address had which IP
address - for any period of time going back 2 weeks (and I could
configure it to keep the records longer). Eventually everything will
be getting logged in such a way that I'll be able to tell you when an
"incident" occured, on what network, via which MAC address on which
port of which switch...etc. I will be doing all of this with freely
available, open source code that you could download and install right
now...if you were in a position to do so.

------------------------------------------------------------------------
---
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity
Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---

DISCLAIMER:
This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless
stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of
the company. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete
this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other
person. Thank you for your cooperation.

Any advice contained in this email (including any attachments unless expressly stated otherwise) is not intended or
written to be used, and cannot be used, for purposes of avoiding tax penalties that may be imposed on any taxpayer.

---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

Re: Down with DHCP!!!!, (continued)
- Re: Down with DHCP!!!! someone (Feb 21)
- Re: Down with DHCP!!!! a_wirtz (Feb 21)
- RE: Down with DHCP!!!! Steven Johnston (Feb 21)
- Re: Down with DHCP!!!! jalvare7 (Feb 21)
- RE: Down with DHCP!!!! Jasun Tate (Feb 21)
- Re: Down with DHCP!!!! gigabit (Feb 22)
  - Re: Down with DHCP!!!! tandernam (Feb 22)
  - Re: Down with DHCP!!!! Brian Loe (Feb 22)
  - RE: Down with DHCP!!!! Michael J. Benedetto (Feb 23)
- RE: Down with DHCP!!!! Steven Jones (Feb 22)
- RE: Down with DHCP!!!! Bergert, David (Feb 23)
- Re: RE: Down with DHCP!!!! anon (Feb 24)
- Re: Re: RE: Down with DHCP!!!! jctcmb (Feb 25)
- Re: Re: Re: RE: Down with DHCP!!!! me (Feb 27)