PaulDotCom mailing list archives
Monitoring WIFI Network for Malicious Use
From: carlhester at gmail.com (Carl Hester)
Date: Mon, 3 Nov 2008 08:58:40 -0500
(Sorry if you get this twice, I think I sent it from the wrong address earlier) Sounds like a good candidate for outbound filtering. We employ a URL filter, outbound firewall rules and a dedicated IPS segment to our public wireless. Just because you're allowing "open" access to your wireless doesn't mean you can't restrict what it's being used for. Additionally, our public wifi is connected to its own DMZ segment. The URL filter and firewall rules allow the common protocols that any regular user might need as well as logging all the connections. The IPS prevents common attacks from originating from your IP range. We're not afraid to allow our IPS to temporarily quarantine dynamic wifi IP addresses if we catch them doing something suspicious. I guess it depends on what malicious usage you're looking to prevent. (or impede) Carl 2008/11/3 Arch Angel <arch3angel at gmail.com>
What about passing it through a firewall or a network device that will allow for tcpdump and then take that to either a log server or other device where you can run a website that displays the items you want to look for? On Sat, Nov 1, 2008 at 2:34 PM, <infolookup at gmail.com> wrote:Its kind of confusing see its a college, and the last class is at 9pm but faculty members might stick around later, the are also Saturday classes too. That's why I am looking for a way to monitor the LAN ((wifi) and get an idea of a baseline, so I can try to pick up whenever the are malicious usage ------Original Message------ From: Robin Wood Sender: To: infolookup at gmail.com To: PaulDotCom Security Weekly Mailing List Sent: Nov 1, 2008 1:29 PM Subject: Re: [Pauldotcom] Monitoring WIFI Network for Malicious Use 2008/10/31 <infolookup at gmail.com>:So my real question is what can we do to monitor the LAN this way if weknow that no users are there after 7 pm and there is access then its not allowed. Why not just power it down at 7PM? Why monitor when you can just disable it? Robin Sent from my Verizon Wireless BlackBerry _______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com_______________________________________________ Pauldotcom mailing list Pauldotcom at mail.pauldotcom.com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
-------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20081103/44fdf854/attachment.htm
Current thread:
- Monitoring WIFI Network for Malicious Use infolookup at gmail.com (Oct 31)
- Monitoring WIFI Network for Malicious Use Robin Wood (Nov 01)
- <Possible follow-ups>
- Monitoring WIFI Network for Malicious Use infolookup at gmail.com (Nov 01)
- Monitoring WIFI Network for Malicious Use Arch Angel (Nov 02)
- Monitoring WIFI Network for Malicious Use Carl Hester (Nov 03)
- Monitoring WIFI Network for Malicious Use Paul Asadoorian (Nov 03)
- Monitoring WIFI Network for Malicious Use Mike Patterson (Nov 03)
- Monitoring WIFI Network for Malicious Use Arch Angel (Nov 02)
- Monitoring WIFI Network for Malicious Use kbob at mchsi.com (Nov 03)