Re: Modem detection in a LAN

From: R. DuFresne (dufresne@sysinfo.com)
Date: 03/09/02 

Date: Sat, 9 Mar 2002 15:25:30 -0500 (EST)
From: "R. DuFresne" <dufresne@sysinfo.com>
To: Jacek Lipkowski <sq5bpf@acid.ch.pw.edu.pl>

Why not check those machines for ppp and slip network interfaces? Some
folks certainly might not require dhcp and it should not be getting dhcp
assignment from the internal LAN for an external connection outside that
LAN.

Thanks,

Ron DuFresne

On Fri, 8 Mar 2002, Jacek Lipkowski wrote:

> On Fri, 8 Mar 2002, Olivier Busolini wrote:
>
> > I have been very interested by the information found, and I am now looking
> > for a simple automated tool that could be run to detect a modem connected to
> > an *nix or windows machine in a LAN.
>
> If you have a dhcp server on the network look at the dhcp client ID's.
> A standard NT box will reserve a pool of IPs for modems. The client
> identifiers for those leases will start with 0x52 0x41 0x53 or "RAS". This
> should also be true for win2000. Also, someone told me once that windows
> platforms broadcast some junk to the network periodically when they have a
> modem attached (probably some plug and pray mechanism).
>
> For unix boxes you could try a script that greps /etc/inittab for unusual
> getty entries (if you have access to those machines).
>
> Still wardialing is your best bet.
>
> jacek
>
>
>
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: Active Directory Setup Advice
    ... A domain is really an entity with a single security remit. ... seen as on the same network it will be like one big network. ... Under one domain all machines have to be unique in naming scheme. ... sub domains you can have same names under different domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: How to access I/O port directly in VC6.0?
    ... As soon as you have standalone machines, ... Their "security" as far as servers was a joke; ... discovered the internal wireless network was completely unencrypted. ...
    (microsoft.public.vc.mfc)
  • Risks Digest 25.33
    ... States throw out costly electronic voting machines ... San Francisco officials looking for hidden network device ... Risks of better security ... ...
    (comp.risks)
  • RE: Down with DHCP!!!!
    ... Managing/monitoring the DHCP pools as assignments yourself ... -Other management tools as in Asset ... Security Administrator ... Network Operations-ICW Group ...
    (Security-Basics)
  • Re: Biometrics
    ... > great grasp of the security aspect of protecting computers. ... Use Windows 98 Second Edition Machines as a safety internal> protocol ... > Gateway to the Network. ... Maintain certain machines as off-line only in locked and secure> rooms ...
    (microsoft.public.security)