Re: a few oddities - not really

From: JoshB (metrix007@yahoo.com)
Date: 08/01/02 

From: metrix007@yahoo.com (JoshB)
Date: 1 Aug 2002 01:59:39 -0700

"Richard Atkinson" <big@un.com> wrote in message news:<ai8a4o$1276uc$1@ID-29070.news.dfncis.de>...
> The switch may use ldap to authenicate the attached host and allow traffic
> to flow. If the switch queries an MS-Active Directory then not only host
> can be authenticated, but whatever you like (ports, software, user access
> for example).
> If you aren't authenticated then nothing happens.
>
> (PXE - Pre boot Execution Environment)
> PXE numbers (held on host NICs) are stored in an MS-Active Directory.
> According to what you define, the host may be installed or booted and
> allowed access to the network or whatever you have defined.
>
> I haven't seen a linux environment yet that can do this, but perhaps they
> use a *nix ldap host for some reason.
>
> A good IDS won't allow detection. If you can detect it, you probably
> shouldn't use that IDS.
>
>
> "JoshB" <metrix007@yahoo.com> wrote in message
> news:c52a4e65.0207300809.48168017@posting.google.com...
> > hey guys...
> >
> > just a few questions...
> >
> > has anyone ever heard of a switch with authentication? in this lan i
> > am working with, once on a network, you can not do anything until
> > atfer authentication? odd thing is, the authentication server is a
> > linux box according to nmap, listening on port 259 for requests to
> > authenticate. the ip of the gateway, according to he output of route
> > is !.!.61.252, as where the authentication server is !.!.61.252?
> >
> > next, they ask for the computers not to be reset, because when they
> > are, something simmilar to ghosting happenes, called PXE, only it says
> > requestiong client key....some type of layer 2 encryption on a NIC?
> > the program this is using is called rembo....?
> >
> > also, with arpspoof, i impersonate the gateway (or what i assumed is
> > the gateway according to route) and poision the whole network, then
> > listen with dsniff -c and even tcpdump (and of course ip forward is
> > on) i get no traffice from hostss, and the nework is in no way
> > affected?
> >
> > lastly, is there anyway to detect arpwatch or an IDS?
> >
> > thanks.

also, does anyone prefer etercap over dsniff, i know i certainly do....

Relevant Pages

  • understanding chkrootkit: sshd section
    ... Rhosts Authentication disabled, originating port will not be trusted. ... Secure connection to %.100s on port %hu refused%.100s. ... Warning: Remote host refused compression. ... Received RSA challenge from server. ...
    (comp.os.linux.security)
  • understanding chkrootkit: sshd section
    ... Rhosts Authentication disabled, originating port will not be trusted. ... Secure connection to %.100s on port %hu refused%.100s. ... Warning: Remote host refused compression. ... Received RSA challenge from server. ...
    (comp.security.unix)
  • Re: understanding chkrootkit: sshd section
    ... Connection will not be encrypted. ... > Rhosts Authentication disabled, originating port will not be trusted. ... > Could not request local forwarding. ... Remote host failed or refused to allocate a pseudo tty. ...
    (comp.os.linux.security)
  • Re: understanding chkrootkit: sshd section
    ... Connection will not be encrypted. ... > Rhosts Authentication disabled, originating port will not be trusted. ... > Could not request local forwarding. ... Remote host failed or refused to allocate a pseudo tty. ...
    (comp.security.unix)
  • Re: a few oddities - not really
    ... If the switch queries an MS-Active Directory then not only host ... >> PXE numbers are stored in an MS-Active Directory. ... >>> has anyone ever heard of a switch with authentication? ...
    (comp.security.misc)