RE: [Full-disclosure] Rogue Network Link Detection
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of H D Moore
Sent: Monday, December 05, 2005 11:42 PM
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Rogue Network Link Detection

"Unauthorized network links are one of the biggest problems facing large enterprise networks. Users intent on bypassing corporate proxies will often use cable modems, wireless networks, or even full-fledged T1s to access the internet. These network links can have a drastic effect on organizational security; any perimeter access controls are completely bypassed, making it nearly impossible for the administrators to effectively concentrate their monitoring and intrusion prevention efforts. This document attempts to describe different approaches and techniques that can be used to detect these rogue network links."

http://metasploit.com/research/misc/rogue_network/

-HD
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

We FINALLY fixed that problem. We implemented VMPS/VLANs using MAC address. Any rogue is placed in deny.
Re: [Full-disclosure] Rogue Network Link Detection
Hi,

H D Moore wrote:
> I found an old document and some crappy perl code on my system, figured someone might find it interesting:

I wouldn't say crappy. Indeed this is quite a handy little tool. I quickly discovered that I can now spoof traffic using our 3rd parties Data Center servers for approx 15 different IPs. (I also discovered that ALL of our VoIP phones can be used as a gateway out... Not necessarily for spoofing but to circumvent firewall rules in place for the Data subnets...) Also allows me to double check that the changes they made to our managed firewalls are in effect at each site.

Cheers,
DanBUK
[Full-disclosure] Rogue Network Link Detection
I found an old document and some crappy perl code on my system, figured someone might find it interesting:

"Unauthorized network links are one of the biggest problems facing large enterprise networks. Users intent on bypassing corporate proxies will often use cable modems, wireless networks, or even full-fledged T1s to access the internet. These network links can have a drastic effect on organizational security; any perimeter access controls are completely bypassed, making it nearly impossible for the administrators to effectively concentrate their monitoring and intrusion prevention efforts. This document attempts to describe different approaches and techniques that can be used to detect these rogue network links."

http://metasploit.com/research/misc/rogue_network/

-HD