Tim,Carric,
Where can I find nessus and nmap. Also, has anybody ever used or is familiar with
CyberCop Scanner from Network Associates(www.nai.com). It seems to be quite loaded,
and may be even an overkill and cost too much.
Thanks,
ali
>>> Tim Sailer <[EMAIL PROTECTED]> 04/18/00 10:09AM >>>
On Tue, Apr 18, 2000 at 09:57:41AM -0400, Carric Dooley wrote:
> I want to do something like this with a Linux box. You could use a combination of
>something like Argus (I think that's what it's called... look at www.opensec.net)..
>it detects new MAC's on the network. You could use it in tandem with nmap and get
>what you are trying to achieve. I want to partner that with some kind of DoS tool
>(like the RST daemon in hunt) so if a user brings up a DHCP server on one of my nets,
>every packet he transmits gets hit with RST's...
Argus, or arpwatch, or anything like that won't really work across our
switched network. We have roughly 6500 devices hanging on a /16 IP block.
I can get the MACs from the 5 main routers. I guess I can use the batch
mode of nessus, which I never knew existed! I was too concentrated on the
GUI. I'm plopping all the MACs, associated IPs, and FQDN into a database,
and running through that every 10 minutes. That window may be too large, but
it's a start, until I can get this worked out.
Thanks,
Tim
--
(work) [EMAIL PROTECTED] / (home) [EMAIL PROTECTED] - http://www.buoy.com/~tps
Lord, grant me the serenity to accept the things I cannot change,
the courage to change the things I can, and the wisdom to hide the
bodies of the people I had to kill because they pissed me off - Anon.
** Disclaimer: My views/comments/beliefs, as strange as they are, are my own.**
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
