Re: OT: the detection of illegal gateways



Citerar J Hein <j.hein@xxxxxxxxx>:

Are there any good products for detecting illegally installed boxes with a routing capability? One of my fellow consultants suggested IP Sonar (by Lumeta) for this purpose which (as he claims) has been successfully used by BT in the past. From the product description I've got an impression that IP Sonar cleverly uses traceroute for detecting routers that illegally exchange information between internal networks and the internet (so called "network leaks").

Wouldn't that just be something like:

route add host 1.1.1.1 gw suspecthost
traceroute 1.1.1.1

And see what suspecthost does. Repeat for other suspects.

For this to work, you have to be on the same network as suspecthost. I don't think it is possible to check this reliably otherwise.

Ulric


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------