Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Scan for "outsider" Pcs on network

from [Jean-Philippe Luiggi] Network Security [Permanent Link]
Subject: Re: Scan for "outsider" Pcs on network
Date: Mon, 20 Mar 2006 14:53:01 -0500 
On Fri, Mar 17, 2006 at 02:41:10PM -0800, Kurt Buff wrote:

On 2 Mar 2006 23:47:59 -0000, dhamm@jackofallgames.com
<dhamm@jackofallgames.com> wrote:

Is there a way to setup a scan and be notified of an
intruding pc that is physically plugged into the network?


Just one suggestion:

Write a script that visits all of your switches/routers and gets their
tables of pairs of ports and MAC addresses, then dump them into a
database. Schedule it to do this periodically, say every 5-10 minutes.
Kind of a roll-your-own distributed arpwatch, but it's what I'm doing
by hand for our 6 48-port Cisco switches. Unfortunately, I don't have
the scripting knowledge (Expect? PERL? Something else? SNMP, telnet or
maybe some other query method?) to do this, though I know people have
done it.

And, of course, the obligatory plea to share if you have such a script.


 Hello,
 
 Just to mention : netdisco
 
 Netdisco is an Open Source web-based network management tool.
 
 Designed for moderate to large networks, configuration information and
 connection data for network devices are retrieved by SNMP. With Netdisco
 you can locate the switch port of an end-user system by IP or MAC address.
 Data is stored using a SQL database for scalability and speed.
 Cisco Discovery Protocol (CDP) optionally provides automatic discovery of
 the network topology. The network is inventoried by both device model and
 operating system (like IOS). Netdisco uses router ARP tables and L2 switch
 MAC forwarding tables to locate nodes on physical ports and track them by
 their IP addresses. For each node, a time stamped history of the ports it
 has visited and the IP addresses it has used is maintained. Netdisco gets
 all its data, including CDP topology information, with SNMP polls and DNS
 queries. It does not use CLI access and has no need for privilege
 passwords. Security features include a wire-side Wireless Access Point (AP)
 locator.
 
 
 Best regards.
 

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: IDS vs. IPS deployment feedback, Carey, Steve T GARRISON
Next by Date:  RE: Scan for "outsider" Pcs on network, Craig Wright
Previous by Thread:  Re: Scan for "outsider" Pcs on network, Kurt Buff
Next by Thread:  RE: Scan for "outsider" Pcs on network, Craig Wright
Indexes:  [Date] [Thread] [Top] [All Lists]