lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <2dab70a305082617413ea71728@mail.gmail.com>
Date: Fri, 26 Aug 2005 21:41:12 -0300
From: Paul Halliday <paul.halliday@...il.com>
To: Matt Mercer <MattM@...amidcorporation.com>
Cc: bugtraq@...urityfocus.com, Martin Mkrtchian <dotsecure@...il.com>
Subject: Re: Tool for Identifying Rogue Linksys Routers


Why not arpwatch? It is tiny, simple and passive.

On 8/25/05, Matt Mercer <MattM@...amidcorporation.com> wrote:
> Hi Martin,
> 
> >We are migrating from Lucent QIP to MetaIP for DHCP services and so
> >far we have had two issues when MetaIP has been implemented for  VLAN
> >that has an unauthorized Linksys router giving out IP addresses.
> 
> If you have an IDS such as Snort configured on your network, it would be
> fairly straightforward to build a configuration watching for DHCP
> traffic on specific VLANs not originating from legitimate servers (as
> defined by you, The Administrator).
> 
> Find a helpful article here describing such a scenario:
> 
> http://security.itworld.com/4363/ITW3542/page_1.html
> 
> HTH,
> 
> Matt
> 


-- 
_________________
Paul Halliday
http://dp.penix.org

"Diplomacy is the art of saying "Nice doggie!" till you can find a rock."

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ