Yes, but the hub must be deployed by someone who has a username and password to connect to your network. It is like you won't use keylocks in the door just because someone can lend the key to someone not authorized. So for me, wireless and wired is the same.
-tlecu

On 15/03/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> 802.1X works quite well in a wireless environment where there is
> continual authentication of the client but it can be subverted on a
> wired LAN simply by using a $10 hub. Attaching a legitimate device
> to the hub will keep the switch port open and allow anything else
> you connect to the hub to access the LAN.
>
> -----Original Message-----
> From: Eagle Fire [mailto:[EMAIL PROTECTED]
> Sent: 13 March 2006 10:06
> To: [email protected]
> Subject: Re: Scan for "outsider" Pcs on network
>
>
> Could 802.1X be an alternative? Probably hard to deploy, switches
> and wireless AP with the feature and some OS challenges but it may
> be a solution.
>
> -tlecu
>
> On 09/03/06, Ron Gula <[EMAIL PROTECTED]> wrote:
> > At 05:15 AM 3/6/2006, Mircea MITU wrote:
> > >On Thu, 2006-03-02 at 23:47 +0000, [EMAIL PROTECTED] wrote:
> > > > Is there a way to setup a scan and be notified of an intruding pc
> > > > that is physically plugged into the network?
> > >
> > >Sure, use arpwatch.
> >
> > Actually, this will find "new" hosts all the time with little
> > discrimination between a new valid laptop on the LAN and a visiting
> > consultant in the conference room.
> >
> > A lot of SIMs have the ability to process log files (such as those of
> > arpwatch or the dhcp logs of a Windows server) and identify the MAC
> > address. If you can recognize a "new" MAC address and also associate
> > it with something interesting like "the conference room" or "the
> > server farm" you can specify different levels of alerting or logging.
> > An example of this is here in one of Tenable's TASL event correlation
> > rules:
> >
> > http://cgi.tenablesecurity.com/tasl/new_mac.tasl
> >
> > The particular script is simple in that it just alerts on
> > a new MAC addr. Different scripts could consume output of this script
> > and have 2nd order alerts depending on the location of the IP address
> > issued, the type of MAC, etc.
> >
> > Ron Gula, CTO
> > Tenable Network Security
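
The second-order alerting described in Ron Gula's quoted message (a new MAC address graded by where its IP address sits), as an added example that is not part of the original thread and is not Tenable's TASL script. The subnet-to-location map, the alert levels, the inventory and the sample log lines are constructed assumptions; the line layout is modelled on arpwatch's "new station" syslog message.

```python
import ipaddress
import re

# Assumption: hypothetical subnet-to-location map with an alert level per location.
LOCATIONS = [
    (ipaddress.ip_network("10.0.20.0/24"), "conference room", "low"),
    (ipaddress.ip_network("10.0.30.0/24"), "server farm", "high"),
]
# Assumed line layout, modelled on arpwatch's "new station <ip> <mac>" syslog message.
NEW_STATION = re.compile(
    r"arpwatch(?:\[\d+\])?: new station (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<mac>[0-9a-fA-F]{1,2}(?::[0-9a-fA-F]{1,2}){5})\b"
)

def normalize_mac(mac):
    # arpwatch drops leading zeros (0:c:29:1:2:3), so pad each octet before comparing.
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def locate(ip):
    addr = ipaddress.ip_address(ip)
    for network, name, severity in LOCATIONS:
        if addr in network:
            return name, severity
    return ("office LAN", "medium")  # hypothetical default for unmapped subnets

def second_order_alerts(lines, known_macs):
    """Return one alert per MAC that is not in the inventory, graded by location."""
    seen = {normalize_mac(m) for m in known_macs}
    alerts = []
    for line in lines:
        match = NEW_STATION.search(line)
        if not match:
            continue  # other arpwatch events (flip flop, changed address) are ignored here
        mac = normalize_mac(match.group("mac"))
        if mac in seen:
            continue  # inventoried device, or already alerted on
        seen.add(mac)
        location, severity = locate(match.group("ip"))
        alerts.append(dict(mac=mac, ip=match.group("ip"), location=location, severity=severity))
    return alerts

# Constructed sample input, not taken from a real network.
SAMPLE_LOG = [
    "Mar  9 10:15:01 gw arpwatch: new station 10.0.20.57 0:16:cb:a:b:c",
    "Mar  9 10:16:12 gw arpwatch: new station 10.0.30.14 0:c:29:1:2:3",
    "Mar  9 10:17:40 gw arpwatch: new station 10.0.10.8 0:1e:4f:aa:bb:1",
    "Mar  9 10:18:02 gw arpwatch: flip flop 10.0.10.9 0:1e:4f:aa:bb:2 (0:1e:4f:aa:bb:3)",
]
KNOWN_MACS = {"00:1e:4f:aa:bb:01"}
```

Calling `second_order_alerts(SAMPLE_LOG, KNOWN_MACS)` returns two alerts: the inventoried MAC and the flip flop event produce none.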
