Re: Tool for Identifying Rogue Linksys Routers

To: Matt Mercer <MattM@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: Tool for Identifying Rogue Linksys Routers
From: Paul Halliday <paul.halliday@xxxxxxxxx>
Date: Fri, 26 Aug 2005 21:41:12 -0300
Cc: bugtraq@xxxxxxxxxxxxxxxxx, Martin Mkrtchian <dotsecure@xxxxxxxxx>
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=ryzhhSeh07swZSkLY2DWd5AQPyCibTUm4xn0vBkqM08tOFshzeB+O1B8iboTwGun0BYMsndFpN4lIcElvuD7P6ahDgEb1zdsWyfz/lONHKOwS+ohrBoL4D/he6I/SKDp4S5E1qNfelQyX3xmk2yBwKozqcK1Y66kGS+DeWE9kRU=
In-reply-to: <4B068AAC3504884EA9ECCC14B636D574753C76@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <4B068AAC3504884EA9ECCC14B636D574753C76@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Why not arpwatch? It is tiny, simple and passive.

On 8/25/05, Matt Mercer <MattM@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi Martin,
> 
> >We are migrating from Lucent QIP to MetaIP for DHCP services and so
> >far we have had two issues when MetaIP has been implemented for  VLAN
> >that has an unauthorized Linksys router giving out IP addresses.
> 
> If you have an IDS such as Snort configured on your network, it would be
> fairly straightforward to build a configuration watching for DHCP
> traffic on specific VLANs not originating from legitimate servers (as
> defined by you, The Administrator).
> 
> Find a helpful article here describing such a scenario:
> 
> http://security.itworld.com/4363/ITW3542/page_1.html
> 
> HTH,
> 
> Matt
> 


-- 
_________________
Paul Halliday
http://dp.penix.org

"Diplomacy is the art of saying "Nice doggie!" till you can find a rock."

References:
- RE: Tool for Identifying Rogue Linksys Routers
  - From: Matt Mercer

Prev by Date: Re: ZipTorrent 1.3.7.3 Discloses Proxy Passwords to Local Users
Next by Date: Re: Tool for Identifying Rogue Linksys Routers
Previous by thread: RE: Tool for Identifying Rogue Linksys Routers
Next by thread: Quake 2 Lithium Mod V 1.24 Macro Expansion Vuln?
Index(es):
- Date
- Thread