Message-ID: <4C49470270F5AD43A0BDEA0F130C850B011CAE49@its-emb1.umflint.edu>
Date: Mon Jul 11 12:35:27 2005
From: jlauro at umflint.edu (Lauro, John)
Subject: how to bypass rogue machine detection techniques

Some low-end NAT routers will automatically take over the MAC address of the first device plugged into it. (Designed to allow easy plug-n-play into a cable modem that only supports one MAC address behind it, without having to reboot the cable modem). It will fail detection if such a device is used. (Not to mention the many ways to avoid detection if you purposely mask yourself).

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Gaurav Kumar
> Sent: Monday, July 11, 2005 5:59 AM
> To: full-disclosure@...ts.grok.org.uk
> Subject: [Full-disclosure] how to bypass rogue machine detection techniques
>
> Friends,
>
> There are several techniques available for detecting rogue (not being a member of trusted domain) machines, such as active scanning, active directory querying etc, but I guess most powerful being the one used by ePolicy Orchestrator. Its agents (deployed on each subnet) check for L2 broadcasts like ARP broadcast etc. After detecting a broadcast, it uses the MAC address and IP address to proceed further to detect whether the machine is rogue or not.
>
> http://www.networkassociates.com/us/local_content/white_papers/wp_epo3_5_rsdwhitepaper_july2004.pdf
>
> I was wondering if this approach is foolproof and can be safely deployed or if there is a way to bypass it?
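As an added example that is not part of the original post or of ePolicy Orchestrator itself, the detection pattern Gaurav describes (a subnet sensor sees an L2 broadcast and checks the MAC/IP pair against a table of managed hosts), extended with the one defender-side check that helps with the MAC-cloning NAT case John raises: a known MAC whose managed agent has gone quiet is flagged as suspect rather than trusted. The log format, inventory table and check-in ages are all constructed assumptions.

```python
# Added example (not from the list post or from McAfee ePO): a minimal
# rogue-system check in the style the post describes. It works from ARP
# broadcasts (sender MAC + sender IP) and a table of hosts known to run a
# managed agent. All inputs below are constructed for illustration.
import re

ARP_LINE = re.compile(
    r"^(?P<ts>\d+) arp who-has [\d.]+ tell (?P<ip>[\d.]+) "
    r"src (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$", re.IGNORECASE
)

def parse_arp_log(text):
    """Return (epoch, sender MAC, sender IP) tuples from 'who-has' lines."""
    obs = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            obs.append((int(m["ts"]), m["mac"].lower(), m["ip"]))
    return obs

def classify(observations, managed, max_agent_age=3600):
    """managed maps MAC -> epoch time of that host's last agent check-in.
    Unknown MAC -> 'rogue'. Known MAC whose agent has gone quiet -> 'suspect':
    the only header-level hint left when a NAT box has cloned the MAC of a
    host that is no longer on the wire (the MAC/IP pair itself looks trusted)."""
    verdicts = {}
    for ts, mac, ip in observations:
        if mac not in managed:
            verdicts[(mac, ip)] = "rogue"
        elif ts - managed[mac] > max_agent_age:
            verdicts[(mac, ip)] = "suspect"
        else:
            verdicts[(mac, ip)] = "managed"
    return verdicts

# Constructed sample: three broadcasts seen by a subnet sensor.
SAMPLE_LOG = """\
1121081700 arp who-has 10.0.0.1 tell 10.0.0.20 src 00:11:22:33:44:55
1121081710 arp who-has 10.0.0.1 tell 10.0.0.21 src 00:11:22:33:44:66
1121081720 arp who-has 10.0.0.1 tell 10.0.0.22 src 00:11:22:33:44:77
"""
MANAGED = {"00:11:22:33:44:55": 1121081000,  # agent checked in 700 s ago
           "00:11:22:33:44:77": 1121070000}  # agent silent for ~3.3 h

if __name__ == "__main__":
    for key, verdict in classify(parse_arp_log(SAMPLE_LOG), MANAGED).items():
        print(key, verdict)
```

A cloned MAC with a live, still-checking-in host behind it is indistinguishable at this layer, which is exactly why the reply calls the approach not foolproof.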