Educause Security Discussion mailing list archives
10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide?
From: Glenn Forbes Fleming Larratt <gl89 () CORNELL EDU>
Date: Mon, 30 Apr 2007 09:41:59 -0400
Might you optimize your process by polling your router infrastructure for live ARP entries, and only scanning those?

--
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

On Mon, 30 Apr 2007, Clifford Collins wrote:
Perhaps what I'm about to say should be forked to another discussion. Unlike the subject title, we are a small edu doing NAT using the large 10.0.0.0 private address block. As a result, I have the joy of scanning a large, empty space on a regular basis. This is a royal pain in the scanner.

Am I wasting my time empirically verifying that our routers and switches aren't servicing rogue devices in the vastness of 16.7 million possible addresses? Should I only be concerned with the few dozen class C blocks we have assigned for official use? How do you deal with patrolling the alleys of your network?

Clifford A. Collins
Network Security Administrator
Franklin University
201 South Grant Avenue
Columbus, Ohio 43215
"Security is a process, not a product"
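The approach suggested in the reply above, sketched as an added example that is not part of either post: take the routers' ARP tables, scan only the live addresses in assigned blocks, and flag any live address outside them as a device to investigate. The Cisco IOS `show ip arp` layout, the sample rows and the `ASSIGNED` block list are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the style of Cisco IOS "show ip arp" output
# (assumption: adapt the regex for other vendors or for SNMP ARP-table dumps).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.1.1               -   0011.2233.4401  ARPA   Vlan201
Internet  10.20.1.57             12   0011.2233.44aa  ARPA   Vlan201
Internet  10.20.1.90              0   Incomplete      ARPA
Internet  10.20.2.14              3   0011.2233.44bb  ARPA   Vlan202
Internet  10.99.7.23              1   0011.2233.44cc  ARPA   Vlan202
Internet  192.168.5.9             4   0011.2233.44dd  ARPA   Vlan203
"""

# Hypothetical list of officially assigned blocks inside 10.0.0.0/8.
ASSIGNED = [ipaddress.ip_network(n) for n in ("10.20.1.0/24", "10.20.2.0/24")]
CAMPUS = ipaddress.ip_network("10.0.0.0/8")

ARP_LINE = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+\S+\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s*(?P<ifc>\S*)",
    re.IGNORECASE)

def live_entries(arp_text):
    """Yield (ip, mac, interface) for resolved entries; 'Incomplete' rows never match."""
    for line in arp_text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            yield ipaddress.ip_address(m["ip"]), m["mac"].lower(), m["ifc"]

def triage(arp_text, assigned=ASSIGNED, campus=CAMPUS):
    """Return (scan targets in assigned space, live hosts found anywhere else)."""
    targets, rogues = set(), []
    for ip, mac, ifc in live_entries(arp_text):
        if any(ip in net for net in assigned):
            targets.add(ip)  # set: the same host may appear on several routers
        else:
            reason = "unassigned 10/8" if ip in campus else "outside 10/8"
            rogues.append((str(ip), mac, ifc, reason))
    return sorted(targets), rogues

if __name__ == "__main__":
    targets, rogues = triage(SAMPLE_ARP)
    print("\n".join(str(t) for t in targets))  # feed to the scanner's target list
    for rogue in rogues:
        print("INVESTIGATE:", *rogue)
```

ARP only shows hosts that have recently talked through the polled router, so the tables need to be collected repeatedly and from every layer-3 hop for the rogue list to be meaningful.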