| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed Aug 31 14:47:03 2005 From: gboyce at badbelly.com (Gregory Boyce) Subject: Re: Tool for Identifying Rogue Linksys Routers On Fri, 26 Aug 2005, Dave Hull wrote: > If the Linksys devices are DHCP clients themselves, you might be able > to use DHCPFingerprint to locate them when they renew their leases. The only problem with this is that the Linksys is serving out IP addresses via DHCP. Linksys routers generally have a dedicated WAN port, and a few LAN ports. They are DHCP clients on the WAN port, and have a configurable DHCP server on the LAN ports. If this device is serving out DHCP addresses to the network, then the LAN side of the linksys is plugged into their network. Assuming that the main priority here is to stop the rogue DHCP server on the network, I would configure a machine with an address in the 192.168.1.0/24 subnet, and try accessing the device on its default IP (192.168.1.1) in a web browser. The default username/password is often "admin"/"admin". Otherwise you can look up the default by looking online for that model (I believe the login link gives the model number). If they haven't changed the password, you can now disable the DHCP server. Of course you'll still want to track down the device in order to shut off the most likely unsecured wireless access to your network. Since you've been accessing the system, you should have the MAC in your ARP cache for 192.168.1.1. Other people have mentioned ways to track down the system based on the mac. -- Greg Boyce
Powered by blists - more mailing lists