Re: Network scanning

From: Jeff Lumley (jlumley_at_forfend.org)
Date: 08/12/03

    To: <security-basics@securityfocus.com>
    Date: Tue, 12 Aug 2003 13:19:47 -0400
    
    

    HP managed switches have this feature too; as a bonus you can also specify
    whether it should "learn" the authorized MAC and limit the number of
    simultaneous MACs on a port, or specify which addresses are allowed. Then
    (as Ethan indicated) you can send a trap and/or disable the port - both set
    an intrusion flag on the port. Pretty cool I thought!
    ----- Original Message -----
    From: "Ethan" <ethan@shame.mine.nu>
    To: "'Sebastian Schneider'" <ses@straightliners.de>; "'CHRIS GRABENSTEIN'"
    <LFGRABC@LF.VCCS.EDU>; <security-basics@securityfocus.com>
    Sent: Monday, August 11, 2003 9:06 PM
    Subject: RE: Network scanning

    Most newer switches can lock down how many MAC addresses are allowed to
    be sourced on one port.. if that amount is reached, the port can be
    disabled or other action taken (SNMP trap, etc)... I know there are
    plenty of Cisco switches that do this anyhow, I'm sure there are
    others...

    Ethan

    -----Original Message-----
    From: Sebastian Schneider [mailto:ses@straightliners.de]
    Sent: Friday, August 08, 2003 12:10 PM
    To: CHRIS GRABENSTEIN; security-basics@securityfocus.com
    Subject: Re: Network scanning

    On Friday 08 August 2003 14:19, CHRIS GRABENSTEIN wrote:

    > As far as the hard wires, I think the best solution is to search out
    > those unused ports and unplug them from the switch. They can be quickly
    > reconnected if needed, and you'll know about it.

    I guess you're actually aware that not everyone is locking up rooms
    containing switches.
    And just unplugging unused cables won't be sufficient, since usually
    I can just unplug any computer and plug in my own.

    > |-----Original Message-----
    > |From: netsec novice [mailto:netsec9@hotmail.com]
    > |Sent: Thursday, August 07, 2003 4:51 PM
    > |To: security-basics@securityfocus.com
    > |Subject: Network scanning
    > |
    > |Are there tools out there that would allow system administrators to be
    > |notified when a new workstation attaches to a network? I'm thinking both
    > |wireless and ethernet in this case. SNMP maybe? I am in a credit union
    > |environment and my concern is that someone would be able to steal an
    > |existing jack or a jack that is not physically protected but live and be
    > |able to capture traffic or do reconnaissance. We don't have Wireless access
    > |at this point but may look to it in the future. My only thought in that
    > |case would be to encrypt all traffic since wireless security is a bit scary
    > |at this point. Any ideas?
    -- 
    -----------------------------
    straightLiners IT Consulting & Services
    Sebastian Schneider
    Metzer Str. 12
    13595 Berlin
    Germany
    Phone: +49-30-3510-6168
    Fax: +49-30-3510-6169
    Mail: ses@straightliners.de
    
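The port-security behaviour described in this thread (learn or statically list the authorized MACs, cap the number of MACs per port, then send a trap and/or disable the port, setting an intrusion flag either way), modelled as an added Python example. It is not part of the original messages and not any vendor's implementation; the `PortPolicy` fields, port numbers and MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class PortPolicy:                      # hypothetical model, not a switch API
    address_limit: int = 1             # max simultaneous source MACs on the port
    learn: bool = True                 # True: learn first MACs seen; False: static list only
    allowed: set = field(default_factory=set)  # authorized MACs (static or learned)
    disable_on_violation: bool = False # False: trap only; True: trap and disable
    intrusion_flag: bool = False
    enabled: bool = True

def norm(mac):
    """Normalize aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def process(frames, policies):
    """Apply each port's policy to (port, src_mac) observations; return trap events."""
    traps = []
    for port, mac in frames:
        p = policies[port]
        if not p.enabled:
            continue                   # a disabled port forwards nothing
        mac = norm(mac)
        if mac in p.allowed:
            continue                   # authorized station
        if p.learn and len(p.allowed) < p.address_limit:
            p.allowed.add(mac)         # still room: learn this MAC as authorized
            continue
        p.intrusion_flag = True        # both actions set the intrusion flag
        p.enabled = not p.disable_on_violation
        traps.append({"port": port, "mac": mac,
                      "action": "disable" if p.disable_on_violation else "trap"})
    return traps

# Constructed sample: port 1 learns one MAC; port 2 uses a static allowed list.
POLICIES = {
    1: PortPolicy(address_limit=1, learn=True, disable_on_violation=True),
    2: PortPolicy(address_limit=2, learn=False, allowed={norm("00:11:22:33:44:55")}),
}
FRAMES = [
    (1, "00-0A-0B-0C-0D-01"),   # learned as the authorized MAC for port 1
    (2, "00:11:22:33:44:55"),   # on port 2's static list
    (1, "000a.0b0c.0d01"),      # same station, different notation
    (1, "00:0a:0b:0c:0d:99"),   # a different machine plugged into port 1
    (1, "00:0a:0b:0c:0d:01"),   # ignored: port 1 is now disabled
    (2, "00:11:22:33:44:66"),   # not on port 2's list: trap, port stays up
]
```

Calling `process(FRAMES, POLICIES)` returns two events: a `disable` on port 1 for the swapped-in machine and a `trap` on port 2 for the unlisted address.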
