Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Scan for "outsider" Pcs on network

from [Kurt Buff] Network Security [Permanent Link]
Subject: Re: Scan for "outsider" Pcs on network
Date: Fri, 17 Mar 2006 14:41:10 -0800 
On 2 Mar 2006 23:47:59 -0000, dhamm@jackofallgames.com
<dhamm@jackofallgames.com> wrote:

Is there a way to setup a scan and be notified of an
intruding pc that is physically plugged into the network?
When you have an enviroment with a large amount of network
jacks, it's hard to make sure the ones no longer in use are turned
off, and that no "visitors" have sat down to use your network
connections, esp. if you have a large amount of contractors in and
out. It got me to searching the net, and so far I have found one
cemmercial product that can do it, but nothing else. Any suggestions?


Just one suggestion:

Write a script that visits all of your switches/routers and gets their
tables of pairs of ports and MAC addresses, then dump them into a
database. Schedule it to do this periodically, say every 5-10 minutes.
Kind of a roll-your-own distributed arpwatch, but it's what I'm doing
by hand for our 6 48-port Cisco switches. Unfortunately, I don't have
the scripting knowledge (Expect? PERL? Something else? SNMP, telnet or
maybe some other query method?) to do this, though I know people have
done it.

And, of course, the obligatory plea to share if you have such a script.

Kurt

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IDS Analyst skill set, Don Parker
Next by Date:  Re: IDS Tuning, Joel Esler
Previous by Thread:  Re: Scan for "outsider" Pcs on network, Alice Bryson
Next by Thread:  Re: Scan for "outsider" Pcs on network, Jean-Philippe Luiggi
Indexes:  [Date] [Thread] [Top] [All Lists]