RE: Tool for Identifying Rogue Linksys Routers

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Tool for Identifying Rogue Linksys Routers
From: "Matt Mercer" <MattM@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Aug 2005 15:42:29 -0600
Cc: "Martin Mkrtchian" <dotsecure@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcWptxf5eMG2jD1yRl6t5GaJgwV5kAABdpJQ
Thread-topic: Tool for Identifying Rogue Linksys Routers

Hi Martin,

>We are migrating from Lucent QIP to MetaIP for DHCP services and so
>far we have had two issues when MetaIP has been implemented for  VLAN
>that has an unauthorized Linksys router giving out IP addresses.

If you have an IDS such as Snort configured on your network, it would be
fairly straightforward to build a configuration watching for DHCP
traffic on specific VLANs not originating from legitimate servers (as
defined by you, The Administrator).

Find a helpful article here describing such a scenario:

http://security.itworld.com/4363/ITW3542/page_1.html

HTH,

Matt

Follow-Ups:
- Re: Tool for Identifying Rogue Linksys Routers
  - From: Paul Halliday

Prev by Date: [security bulletin] SSRT051023 rev.0 - HP Openview Network Node Manager (OV NNM) Remote Unauthorized Access
Next by Date: MDKSA-2005:150 - Updated bluez-utils packages fix vulnerability
Previous by thread: RE: Tool for Identifying Rogue Linksys Routers
Next by thread: Re: Tool for Identifying Rogue Linksys Routers
Index(es):
- Date
- Thread