lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Aug 2005 21:41:12 -0300 From: Paul Halliday <paul.halliday@...il.com> To: Matt Mercer <MattM@...amidcorporation.com> Cc: bugtraq@...urityfocus.com, Martin Mkrtchian <dotsecure@...il.com> Subject: Re: Tool for Identifying Rogue Linksys Routers Why not arpwatch? It is tiny, simple and passive. On 8/25/05, Matt Mercer <MattM@...amidcorporation.com> wrote: > Hi Martin, > > >We are migrating from Lucent QIP to MetaIP for DHCP services and so > >far we have had two issues when MetaIP has been implemented for VLAN > >that has an unauthorized Linksys router giving out IP addresses. > > If you have an IDS such as Snort configured on your network, it would be > fairly straightforward to build a configuration watching for DHCP > traffic on specific VLANs not originating from legitimate servers (as > defined by you, The Administrator). > > Find a helpful article here describing such a scenario: > > http://security.itworld.com/4363/ITW3542/page_1.html > > HTH, > > Matt > -- _________________ Paul Halliday http://dp.penix.org "Diplomacy is the art of saying "Nice doggie!" till you can find a rock."
Powered by blists - more mailing lists