Security Basics mailing list archives
RE: Comparing hosts on a network to text file
From: Dave Kleiman <dave () davekleiman com>
Date: Tue, 7 Aug 2012 13:15:37 -0500
Andi, You could create a database of the known and compare separate tables of the current active, leaving the results of any not listed in the known. Respectfully, Dave Kleiman - http://www.ComputerForensicsLLC.com - http://www.computerforensicsexpertwitnesses.com/ 4371 Northlake Blvd #314 Palm Beach Gardens, FL 33410 561.310.8801 -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Morris, Andi Sent: Tuesday, August 07, 2012 10:38 To: security-basics () securityfocus com Subject: Comparing hosts on a network to text file Hi all, I’m looking to create a script, or use something already in existence to scan a network for hosts, returning the mac addresses active on the network. The script should then compare the mac addresses discovered to a prepopulated text file and somehow notify me of any discrepancy. I’d imagine nmap would be the tool I’m after. The scenario is: I have a network that has a filled DHCP scope. When a user registers a device with us we assign them an IP address on the Windows DHCP server. We are trying to avoid users manually giving themselves an IP address from this range and gaining access. My plan was to have a script poll the network every ‘n’ minutes to compare the mac addresses on the network to those that we have reserved IPs for and to email the details of any rogue clients to a designated mailbox . Does this sound feasible and does anyone know of a tool that would already exist for this before I spend hours learning and configuring nmap (not time badly spent I admit). Cheers, Andi --------------------------------------------------------------- Andi Morris Technical Security Analyst Systems and Communications Services Information Services Division Cardiff Metropolitan University Cardiff Wales CF5 2YB 02920 205720 -------------------------------------------------------------- ________________________________ From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx> Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o‘r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
Current thread:
- Comparing hosts on a network to text file Morris, Andi (Aug 07)
- Message not available
- RE: Comparing hosts on a network to text file Morris, Andi (Aug 07)
- Re: Comparing hosts on a network to text file !s3grim (Aug 07)
- RE: Comparing hosts on a network to text file Morris, Andi (Aug 07)
- Message not available
- Re: Comparing hosts on a network to text file Johannes Truschnigg (Aug 07)
- RE: Comparing hosts on a network to text file Dave Kleiman (Aug 07)
- RE: Comparing hosts on a network to text file Demetris Papapetrou (Aug 09)
- RE: Comparing hosts on a network to text file Steve Steiner (Aug 10)
- RE: Comparing hosts on a network to text file Simon Thornton (Aug 10)
- RE: Comparing hosts on a network to text file Mike Saldivar (Aug 10)