From: Michael Balasko <michael.balasko@cityofhenderson.com>
To: it clown <suse@mailbox.co.za>, netfilter@lists.netfilter.org
Subject: Re: Who is connected to network
Date: Wed, 05 Jan 2005 08:38:43 -0800
Message-ID: <41DC1813.1040505@cityofhenderson.com>
In-Reply-To: <web-580674226@mail01.infosat.net>

Currently we have coded something in house that scrubs all the
connectivity devices for the MAC addresses and will email us when an
unauthorized device shows up on the network (All Cisco gear). There is
work in progress to expand this to automatically clip the port and fire
off a series of emails and other actions.  Additionally, all of the
ports on the switches are configured to allow only one device into a
port, so it would be very difficult to drop a hub in place and start
sniffing. There are also a few other tricks in place to prevent
man-in-the-middle attacks and a few other exploits.

As far as the wireless stuff goes, it would be amazingly difficult but
not impossible to get it right. Our APs will not allow authentication
without the client MAC being pounded into our ACS servers. (MAC spoofing
isn't all that hard, but) Also the APs don't broadcast the
SSIDs (fairly easy to get around). In the case that someone gets the
first two right, they need to then figure out the name of the VPN
servers. We do not allow any type of access from the APs without a VPN
session established. Then they need to get the VPN settings right and
also need to have a user account compromised that had VPN access. Not
impossible, but quite difficult for someone to do without making any
"noise" that we would be alerted on.  At that point the access lists on
the APs keep you from really touching any of the gear that would hurt us.

All that being said, there are millions of exploits out there and lots of
tools, but we feel that we have a fairly good system in place to deter
all but the very skilled and very determined person out there.

Hope that provides a bit of info you were looking for. Feel free to ask 
any ?'s if you have any.

Mike Balasko
Network Specialist II
City of Henderson

it clown wrote:

>Is there a way to see who is connected to your network.
>
>Say if you have a wireless network and you need to know if
>someone got it right to get onto your network.
>
>How do you monitor that and how do you prevent it?
>
>Even on a normal network how could you monitor who is
>connected to your network?
>
>Regards
>
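
The reply above describes scanning switches for MAC addresses, alerting on unauthorized devices, and allowing one device per port. The following is an added example of that kind of audit, not code from this thread or from the author's in-house tool; it assumes the MAC table has already been collected as text in the style of Cisco IOS `show mac address-table`, and the inventory, uplink list and function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Cisco IOS "show mac address-table" output.
SAMPLE_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    0011.2233.4466    DYNAMIC     Fa0/2
  10    00de.adbe.ef01    DYNAMIC     Fa0/3
  20    0011.2233.4477    DYNAMIC     Fa0/4
  20    0011.2233.4488    DYNAMIC     Fa0/4
   1    0011.2233.44ff    DYNAMIC     Gi0/1
"""

# Hypothetical inventory of authorized MACs (any common notation accepted).
AUTHORIZED = {"00:11:22:33:44:55", "0011.2233.4466", "00-11-22-33-44-77",
              "00:11:22:33:44:88", "0011.2233.44ff"}
UPLINKS = {"Gi0/1"}  # trunk/uplink ports legitimately carry many MACs

ROW = re.compile(r"^\s*(\d+)\s+([0-9a-fA-F.:-]{12,17})\s+(\w+)\s+(\S+)\s*$")

def norm(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    """Yield (vlan, mac, port) for each table row; header lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield int(m.group(1)), norm(m.group(2)), m.group(4)

def audit(text, authorized, uplinks=frozenset()):
    """Return (unknown_devices, ports_with_multiple_macs) for access ports."""
    allowed = {norm(m) for m in authorized}
    per_port = defaultdict(set)
    unknown = []
    for vlan, mac, port in parse_table(text):
        if port in uplinks:
            continue
        per_port[port].add(mac)
        if mac not in allowed:
            unknown.append((port, vlan, mac))
    crowded = {p: sorted(m) for p, m in per_port.items() if len(m) > 1}
    return unknown, crowded
```

Calling `audit(SAMPLE_TABLE, AUTHORIZED, UPLINKS)` on the constructed table reports the unlisted MAC on Fa0/3 and the two MACs sharing Fa0/4, which is the hub-on-a-port case the one-device-per-port setting is meant to stop.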