RE: How to find a changing IP on ethernet network
From: Rosenhan, David (David.Rosenhan_at_swiftbrands.com)
Date: 03/03/04
- Previous message: Brian Whitehead: "Re: Linux Distribution Recomendation"
- Maybe in reply to: David Gillett: "RE: How to find a changing IP on ethernet network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 3 Mar 2004 08:29:27 -0700 To: "Gary Freeman" <Gary.Freeman@rci.rogers.com>, "Hoang, Binh P,,DMDCWEST" <Hoangbp@osd.pentagon.mil>, "Khaled" <lists@sonicc.net>, <gillettdavid@fhda.edu>, "Bhavani Suresh" <bhavani.suresh@adnoc-dist.co.ae>, "Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA" <lists@infostruct.net>, <security-basics@securityfocus.com>
The other cool thing about dot1x on the Cat6k's is if a user does not
authenticate they can be automatically sent to a "guest" VLAN that may
only have access to the internet or whatever you desire (configuring an
ACL on that VLAN interface), pretty cool stuff!
David Rosenhan, CCNP
Information Technology
-----Original Message-----
From: Gary Freeman [mailto:Gary.Freeman@rci.rogers.com]
Sent: Tuesday, March 02, 2004 10:54 AM
To: Hoang, Binh P,,DMDCWEST; Khaled; gillettdavid@fhda.edu; Bhavani
Suresh; Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA;
security-basics@securityfocus.com
Subject: RE: How to find a changing IP on ethernet network
Hey there,
Port Security is a good Cisco feature for a small LAN but when working
with large networks with roaming users, I would use Port Authentication
in conjunction with Port Security. Cisco's new buzzword for this is
Identity Based Network Security (IBNS) and uses 802.1x at the client
level (supplicant) to authenticate the user against a RADIUS server.
The switch acts as an authentication proxy and will enable or disable
the port based on the RADIUS response to the MD5 challenge. The best
part of doing dot1x with Port Security is that the MAC addresses are
stored in the user profile centrally and don't require each switch port
to be hard-coded with the MAC address.
Cheers,
Gary Freeman
Network Security Specialist
RSS-IT Security Team
Rogers Communications Inc.
-----Original Message-----
From: Hoang, Binh P,,DMDCWEST [mailto:Hoangbp@osd.pentagon.mil]
Sent: Monday, March 01, 2004 7:02 PM
To: 'Khaled'; gillettdavid@fhda.edu; 'Bhavani Suresh'; 'Gideon T.
Rasmussen, CISSP, CISM, CFSO, SCSA'; security-basics@securityfocus.com
Subject: RE: How to find a changing IP on ethernet network
I'm sure he meant SNMP trap not SMTP. Anyhow, it's all good!
Binh
-----Original Message-----
From: Khaled [mailto:lists@sonicc.net]
Sent: Monday, March 01, 2004 12:21 PM
To: gillettdavid@fhda.edu; 'Bhavani Suresh'; 'Gideon T. Rasmussen,
CISSP,
CISM, CFSO, SCSA'; security-basics@securityfocus.com
Subject: RE: How to find a changing IP on ethernet network
Hi David,
If this wasn't the security basics list I would not have replied :)
The trap you refer to is of course an SNMP trap not SMTP trap (sorry
about
being @nal)
Regards,
K.
-----Original Message-----
From: David Gillett [mailto:gillettdavid@fhda.edu]
Sent: Saturday, 28 February 2004 5:18 AM
To: 'Bhavani Suresh'; 'Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA';
security-basics@securityfocus.com
Subject: RE: How to find a changing IP on ethernet network
If you're using Cisco Catalyst switches, this feature is called "port
security". Enable it, tell it how many MAC addresses to allow per port,
and
whether, when this number
is exceeded, to issue an SMTP trap to your Network Management
package, or shut down the switch port.
Of course, if you're using some other equipment, you need
to find out what features, if any, that equipment offers.
David Gillett
> -----Original Message-----
> From: Bhavani Suresh [mailto:bhavani.suresh@adnoc-dist.co.ae]
> Sent: Wednesday, February 25, 2004 2:36 AM
> To: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA;
> security-basics@securityfocus.com
> Subject: RE: How to find a changing IP on ethernet network
>
>
>
> Following up this..i want to know at the network level any software
> can bind the MAC Addresses to the ports (and to take current MAC
> Addresses in the network automatically)so that no new ip address can
> be allocated
> without the consent of the network admin. This will also
> ensure security
> so that non one just plugs in a pc or laptop..
>
> Any idea..
>
> -----Original Message-----
> From: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA
> [mailto:lists@infostruct.net] Sent: Saturday, February 21, 2004 20:12
> To: security-basics@securityfocus.com
> Subject: Re: How to find a changing IP on ethernet network
>
>
>
> Ivan,
>
> This is an interesting situation. Here are a few possible ways to
> address it:
>
> 1. Send an e-mail to the user community explaining the problem and
> asking them to leave their IP address configurations alone.
>
> 2. In case you don't know, as the new system boots it announces its IP
> address to the network. If another system already has that IP address,
> it will reply and the new system will shut down the interface running
> the duplicate IP.
>
> a. From the new system, run the arp command (arp -a).
>
> C:\> arp -a
>
> Interface: 192.168.2.100 --- 0x20002
> Internet Address Physical Address Type
> 192.168.2.1 00-06-25-c0-93-65 dynamic
>
> This will list the IP address and associated MAC (hardware) address
> (e.g. 00-06-25-c0-93-65).
>
> b. Now all you need to do is find out which system has that MAC
> address:
>
> C:\> ipconfig /all (output abbreviated)
>
> Physical Address. . . . . . . . . : 00-06-25-c0-93-65
>
> 3. You could also use tcpdump or windump
> (http://windump.polito.it) to sniff the network traffic for
> that specific IP and view the resulting dump file with
> Ethereal (http://www.ethereal.com). This is a bit advanced
> for the average user.
>
> If you have any additional questions, please do not hesitate to
> contact me.
>
> Kind regards,
>
> Gideon
>
> Gideon T. Rasmussen
> CISSP, CISM, CFSO, SCSA
> Boca Raton, FL
> gideon@infostruct.net
>
> National Security Awareness Day - September 10, 2004 - Are you aware?
>
> Subject: How to find a changing IP on ethernet network
> From: Ivan Andres Hernandez Puga <ivan.hernandez@globalsis.com.ar>
> Date: Fri, 20 Feb 2004 11:54:29 -0300
> To: security-basics@securityfocus.com
>
> Hello. I have a client with a simple Ethernet network with HUB's
> connecting and there is one person that is changing it's IP and
> creating
>
> conflicts. What would you do to track down that person? i mean, to
> find who does that?
>
> Thanks!
>
> Ivan Hernandez
>
>
>
>
> --------------------------------------------------------------
> ----------
> ---
> Free trial: Astaro Security Linux -- firewall with Spam/Virus
> Protection
>
> Protect your network with the comprehensive security solution that
> integrates six applications for ease of use and lower TCO.
>
> Firewall - Virus protection - Spam protection - URL blocking - VPN
> - Wireless security.
>
> Download 30-day evaluation at:
> http://www.securityfocus.com/sponsor/Astaro_security-basics_040219
> --------------------------------------------------------------
> ----------
> ----
>
>
> ************************************************************
> Please note that our domain name has been changed to: adnoc-dist.ae;
> Hence please change the email ID to reflect the new domain name. This
> communication may contain confidential information. If you are not the
> intended recipient, then please inform us immediately. Adnoc
> Distribution-Tel:02-6771300 Fax:02-6722322
> Email:webmaster@adnoc-dist.ae
> Website: www.adnoc-dist.ae
> This message was scanned @ Adnoc distribution
>
> ************************************************************
>
> ************************************************************
> Please note that our domain name has been changed to: adnoc-dist.ae;
> Hence please change the email ID to reflect the new domain name.
> This communication may contain confidential information.
> If you are not the intended recipient, then please inform us
> immediately.
> Adnoc Distribution-Tel:02-6771300 Fax:02-6722322
> Email:webmaster@adnoc-dist.ae Website: www.adnoc-dist.ae
> This message was scanned @ Adnoc distribution
>
> ************************************************************
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> --------------
>
------------------------------------------------------------------------
--- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_security-basics_040301 ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_security-basics_040301 ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN, wireless security Protect your network against hackers, viruses, spam and other risks with Astaro Security Linux, the comprehensive security solution that combines six applications in one software solution for ease of use and lower total cost of ownership. Download your free trial at http://www.securityfocus.com/sponsor/Astaro_security-basics_040301 ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.securityfocus.com/sponsor/InfoSecInstitute_security-basics_040303 ----------------------------------------------------------------------------
- Previous message: Brian Whitehead: "Re: Linux Distribution Recomendation"
- Maybe in reply to: David Gillett: "RE: How to find a changing IP on ethernet network"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
