Message-ID: <20050712124513.622FC33C23@mailserver5.hushmail.com>
Date: Tue Jul 12 14:55:49 2005
From: amrnems at hushmail.com (amrnems@...hmail.com)
Subject: how to bypass rogue machine detection techniques

Great physical access is a must when dealing with rogue devices on a
physical network. But using 802.1x, and disabling the unused ports would
probably be your best answer. If you just implement 802.1x or as you first
mentioned, some kind of port scanning, then you would never be able to
detect a person with a “receive” only cable connected to your switch.

AmRnEmS

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Gaurav Kumar
Sent: Monday, July 11, 2005 4:59 AM
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] how to bypass rouge machine detection techniques

Friends,

There are several techniques available for detecting rogue (not being a
member of trusted domain) machines, such as active scanning, active
directory querying etc, but I guess most powerful being the one used by
epolicy orchestrator. Its agents (deployed on each subnet) check for L2
broadcasts like ARP broadcast etc. After detecting a broadcast, it uses the
MAC address and IP address to proceed further to detect whether the machine
is rogue or not.

http://www.networkassociates.com/us/local_content/white_papers/wp_epo3_5_rsdwhitepaper_july2004.pdf

I was wondering if this approach is foolproof and can be safely deployed or
if there is a way to bypass it?

Regards,
Gaurav

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
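The broadcast-listening approach discussed in this thread can be sketched as follows. This is an added example, not part of either message and not the product's implementation; the function names, the inventory set and the sample frames are assumptions constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp_broadcast(frame: bytes):
    """Return (sender_mac, sender_ip) for a broadcast IPv4-over-Ethernet ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet header + 28-byte ARP body
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if dst != BROADCAST or ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, _op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return mac_str(sha), ".".join(str(b) for b in spa)

def find_unmanaged(frames, managed_macs):
    """Map sender MAC -> sender IP for every broadcaster not in the managed inventory."""
    unmanaged = {}
    for frame in frames:
        seen = parse_arp_broadcast(frame)
        if seen and seen[0] not in managed_macs:
            unmanaged[seen[0]] = seen[1]
    return unmanaged

def arp_request(src_mac: str, src_ip: str, target_ip: str) -> bytes:
    """Build a constructed ARP who-has frame for the sample data below."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    ip = bytes(int(p) for p in src_ip.split("."))
    tip = bytes(int(p) for p in target_ip.split("."))
    eth = struct.pack("!6s6sH", BROADCAST, mac, ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, mac, ip, b"\x00" * 6, tip)

# Constructed sample: one inventoried host, one unknown host, one non-ARP frame.
MANAGED = {"00:11:22:33:44:55"}
SAMPLE_FRAMES = [
    arp_request("00:11:22:33:44:55", "192.0.2.10", "192.0.2.1"),
    arp_request("02:00:00:aa:bb:cc", "192.0.2.77", "192.0.2.1"),
    BROADCAST + bytes.fromhex("020000aabbdd") + b"\x08\x00" + b"\x00" * 46,  # IPv4, ignored
]

if __name__ == "__main__":
    # A host that never transmits contributes no frame, so it cannot appear here.
    for mac, ip in find_unmanaged(SAMPLE_FRAMES, MANAGED).items():
        print(f"unmanaged host: {mac} at {ip}")
```

The sensor only learns about hosts that transmit, which is why the reply pairs it with 802.1x and disabling unused switch ports.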