Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Scan for "outsider" Pcs on network

from [Eagle Fire] Network Security [Permanent Link]
Subject: Re: Scan for "outsider" Pcs on network
Date: Fri, 17 Mar 2006 15:51:07 +0000 
   Yes, but the hub must be deployded by someone who has a usernameand password 
to connect to your network. It is like you wonÂt usekeylocks in the door just 
because someone can lend the key to some onenot authorized. So for me, wireless 
and wired is the same.
-tlecu


On 15/03/06, auto62996@hushmail.com <auto62996@hushmail.com> wrote:> 802.1X 
works quite well in a wireless environment where there is> continual 
authentication of the client but it can be subverted on a> wired LAN simply by 
using a $10 hub. Attaching a legitimate device> to the hub will keep the switch 
port open and allow anything else> you connect to the hub to access the LAN.>> 
-----Original Message-----> From: Eagle Fire 
[mailto:tlecuauhtli@googlemail.com]> Sent: 13 March 2006 10:06> To: 
focus-ids@securityfocus.com> Subject: Re: Scan for "outsider" Pcs on network>>> 
 Could be 802.1X an alternative? Probably hard to deploy, switches> and 
wireless AP with the feature and some OS challenges but it may> be a 
solution.>>  -tlecu>> On 09/03/06, Ron Gula <rgula@tenablesecurity.com> wrote:> 

At 05:15 AM 3/6/2006, Mircea MITU wrote:> > >On Thu, 2006-03-02 at 23:47 

+0000, dhamm@jackofallgames.com> wrote:> > > > Is there a way to setup a scan 
and be notified of an> intruding pc> > > > that is physically plugged into the 
network?> > >> > >Sure, use arpwatch.> >> > Actually, this will find "new" 
hosts all the time with little> > discrimination between a new valid laptop on 
the LAN and a> visiting> > consultant in the conference room.> >> > A lot of 
SIMs have the ability to process log files (such as> those of> > arpwatch or 
the dhcp logs of a Windows server) and identity the> MAC> > address. If you can 
recognize a "new" MAC address and also> associate> > it with something 
interesting like "the conference room" or "the> > server farm" you can specify 
different levels of alerting or> logging.> > An example of this is here in one 
of Tenable's TASL event> correlation> > rules:> >> > 
http://cgi.tenablesecurity.com/tasl/new_mac.tasl> >> > The particular script is 
simple in that it just alerts on> > a new MAC addr. Different scripts could 
consume output of this> script> > and have 2nd order alerts depending on the 
location of the IP> address> > issued, the type of MAC, .etc.> >> > Ron Gula, 
CTO> > Tenable Network Security> >> >>>>>> Concerned about your privacy? 
Instantly send FREE secure email, no account required> 
http://www.hushmail.com/send?l=480>> Get the best prices on SSL certificates 
from Hushmail> https://www.hushssl.com?l=485>>
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS Analyst skill set, Maarten Van Horenbeeck
Next by Date:  IDS vs. IPS deployment feedback, watsont
Previous by Thread:  RE: Scan for "outsider" Pcs on network, Craig Wright
Next by Thread:  Re: Scan for "outsider" Pcs on network, auto62996
Indexes:  [Date] [Thread] [Top] [All Lists]