Re: OT: the detection of illegal gateways
- From: ulric@xxxxxxx
- Date: Wed, 19 May 2010 09:14:49 +0200
Citerar J Hein <j.hein@xxxxxxxxx>:
Are there any good products for detecting illegally installed boxes with a routing capability? One of my fellow consultants suggested IP Sonar (by Lumeta) for this purpose which (as he claims) has been successfully used by BT in the past. From the product description I've got an impression that IP Sonar cleverly uses traceroute for detecting routers that illegally exchange information between internal networks and the internet (so called "network leaks").
Wouldn't that just be something like:
route add host 1.1.1.1 gw suspecthost
traceroute 1.1.1.1
And see what suspecthost does. Repeat for other suspects.
For this to work, you have to be on the same network as suspecthost. I don't think it is possible to check this reliably otherwise.
Ulric
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- References:
- OT: the detection of illegal gateways
- From: J Hein
- OT: the detection of illegal gateways
- Prev by Date: Re: CVE Security vulnerability database web site
- Next by Date: Re: WRT120N
- Previous by thread: RE: OT: the detection of illegal gateways
- Next by thread: Re: OT: the detection of illegal gateways
- Index(es):
