Security Basics mailing list archives

RE: Comparing hosts on a network to text file

From: "Thomas JC Welch" <steeltips () gmail com>
Date: Wed, 3 Oct 2012 22:19:44 +0100

Would 2008 server not do the job for you it has a deny
and allow list if activated will stop systems getting addresses on the network until permitted

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of !s3grim
Sent: 07 August 2012 18:33
To: Morris, Andi
Cc: 
Subject: Re: Comparing hosts on a network to text file

Hi, 

First at all you should consider that MAC-Scanning is only possible in one (V)LAN. If you're trying to use 

Rolph Kreis
---------------------------------------------
Dipl.-Inf. (Univ.)
Agnes-Bernauer-Str. 158,
80687 München
+49 89 45477167, 
+49 160 7836992
rolph () rolphkreis de

Am 07.08.2012 um 17:45 schrieb "Morris, Andi" <amorris () cardiffmet ac uk>:

We have NAC on that section of the network, and it works a treat, but a small subsection will not quite play ball 
with the NAC, namely non-dot1x devices such as games consoles.  Until such time that I can tweak the NAC to assign a 
separate vlan to these devices we are having to do it manually via DHCP reservations.

You raised a good idea there about mac-filtering.  I know I could run mac filtering on the wireless network for that 
SSID, but I'm not sure about on our Catalyst 2950s.  I'll investiage.

Cheers all for your responses.

Andi


From: Alexander Torres [mailto:alexltk0506 () gmail com] 
Sent: 07 August 2012 16:38
To: Morris, Andi
Subject: Re: Comparing hosts on a network to text file

How are devices connecting? Are they connecting to an access point or directly via cable? If this is for security 
reasons you may want to look at other options, such as VLAN segments, IDS, IPS, DHCP scopes, port blocking, Mac 
filtering, NAC... just to name a few. By the time you run a scan and compare the results an attacker has already 
gather the data they were looking for and left without a trace.
On Tue, Aug 7, 2012 at 9:37 AM, Morris, Andi <amorris () cardiffmet ac uk> wrote:
Hi all,
I'm looking to create a script, or use something already in existence to scan a network for hosts, returning the mac 
addresses active on the network.  The script should then compare the mac addresses discovered to a prepopulated text 
file and somehow notify me of any discrepancy.

I'd imagine nmap would be the tool I'm after.

The scenario is:
I have a network that has a filled DHCP scope.
When a user registers a device with us we assign them an IP address on the Windows DHCP server.
We are trying to avoid users manually giving themselves an IP address from this range and gaining access.
My plan was to have a script poll the network every 'n' minutes to compare the mac addresses on the network to those 
that we have reserved IPs for and to email the details of any rogue clients to a designated mailbox .

Does this sound feasible and does anyone know of a tool that would already exist for this before I spend hours 
learning and configuring nmap (not time badly spent I admit).

Cheers,
Andi

---------------------------------------------------------------
Andi Morris
Technical Security Analyst
Systems and Communications Services
Information Services Division
Cardiff Metropolitan University
Cardiff
Wales
CF5 2YB

02920 205720
--------------------------------------------------------------

________________________________

From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part 
of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent 
from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure 
that all of your contact records and databases are updated to reflect this change. Further information can be found 
on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>

Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid 
yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir 
o Brifysgol Fetropolitan Caerdydd yn cael eu danfon o'r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod 
yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan 
yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

RE: Comparing hosts on a network to text file Thomas JC Welch (Oct 03)