Re: Network Security
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 03/16/05
- Next message: Moe Trin: "Re: Network Security"
- Previous message: SPIKE: "No Address Rewriting for internal mail howto?"
- In reply to: Tommy Reynolds: "Re: Network Security"
- Next in thread: Ivan Marsh: "Re: Network Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 15 Mar 2005 17:45:01 -0600
In article <pan.2005.03.14.20.28.08.954118@yahoo.com>, Tommy Reynolds wrote:

>I'm afraid that the DHCP approach isn't going to help any at all. It
>would take me about 10 seconds to circumvent.

Agreed

>Simply look at the IP address of the office computer and then ping "N+1"
>until I get no answer and then set a static IP address.

Do all of your systems reply to a ping? I know that none of the systems
in IT or Security do, and at least a few of the workstations don't either.
Looking in your ARP cache after trying to ping will show this problem.

>Now, you are in for some real fun when the forged "N+1" address gets
>legitimately assigned by DHCP...

or when the system that owns it, but isn't answering pings, tries to use
the networks.

However, about that time, the security guards and a couple of network
people should have already arrived trying to find the unauthorized
system.

>Or, just keep the arpwatch active and have it mail alerts to your boss's
>pager ;-)

See my response - we use something like arpwatch, and we also monitor
the arp caches on the servers and routers. Twice, I've arrived at the
miscreant before his computer finished booting. The clown really should
have been clued by the thunder of footsteps as the SWAT team arrived.

Old guy
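
The ARP-cache monitoring mentioned in the post above, sketched as an added example (not the poster's code and not arpwatch itself): it audits a Linux `/proc/net/arp` snapshot against an authorized IP-to-MAC inventory. The snapshot, the inventory and the finding names are constructed for illustration.

```python
# Added example: compare a Linux ARP cache snapshot against an authorized inventory.
# SAMPLE_ARP and AUTHORIZED are constructed data, not taken from the post.

SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.10.1     0x1         0x2         00:11:22:33:44:01     *        eth0
192.168.10.20    0x1         0x2         00:11:22:33:44:20     *        eth0
192.168.10.21    0x1         0x2         de:ad:be:ef:00:21     *        eth0
192.168.10.22    0x1         0x2         00:11:22:33:44:99     *        eth0
192.168.10.23    0x1         0x0         00:00:00:00:00:00     *        eth0
"""

AUTHORIZED = {  # hypothetical inventory: IP -> MAC that should own it
    "192.168.10.1": "00:11:22:33:44:01",
    "192.168.10.20": "00:11:22:33:44:20",
    "192.168.10.22": "00:11:22:33:44:22",
}

def parse_arp(text):
    """Yield (ip, mac) for resolved entries in /proc/net/arp format."""
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 6:
            continue
        ip, flags, mac = fields[0], int(fields[2], 16), fields[3].lower()
        # Flag bit 0x2 (ATF_COM) marks a completed entry; skip unresolved ones.
        if flags & 0x2 and mac != "00:00:00:00:00:00":
            yield ip, mac

def audit(text, authorized):
    """Return (kind, ip, mac) findings for entries that disagree with the inventory."""
    known_macs = {m.lower() for m in authorized.values()}
    findings = []
    for ip, mac in parse_arp(text):
        expected = authorized.get(ip)
        if expected is None:
            # An address nobody was assigned: either a stray or a relocated host.
            kind = "known-mac-on-unlisted-ip" if mac in known_macs else "unknown-station"
        elif expected.lower() != mac:
            kind = "mac-mismatch"  # someone else is answering for an owned address
        else:
            continue
        findings.append((kind, ip, mac))
    return findings

if __name__ == "__main__":
    for kind, ip, mac in audit(SAMPLE_ARP, AUTHORIZED):
        print(f"{kind}: {ip} is at {mac}")
```

A station appears in the cache once it has answered ARP, whether or not it replies to ping, which is why the cache is audited here instead of ICMP responses.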