[c-nsp] Good way of finding unauthorized network elements/

Dodd, Steven stevend at uidaho.edu
Fri Oct 30 16:19:40 EDT 2009


Span your outbound traffic and look for IPs with a TTL that is off by one.

-Steve

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of quinn snyder
Sent: Friday, October 30, 2009 12:37 PM
To: Marcelo Zilio
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Good way of finding unauthorized network elements/

inline comments

On Friday, October 30, 2009, Marcelo Zilio <ziliomarcelo at gmail.com> wrote:
>
> A third option (if your switches support it) is enable port security and
> maximum mac address numbers on each switchport.
>

depending on if the device is being used as layer3 and how his
topology is set up, a single mac address will only be presented to the
switchport, since the linksys is nat'ing packets.

if it is in the budget, the cisco wlc's will handle this task nicely,
however, i am unsure of the technical "licensing" on upgrading from
autonomous ap's to lwaps.

q.
>
> On Fri, Oct 30, 2009 at 4:08 PM, Scott Granados <gsgranados at comcast.net> wrote:
>
>> Hi all
>> I have a general question.  I have a network consisting of about 20 access
>> switches and 2 core switches.  We have 3 access points that we manage but
>> think someone might have brought in a linksys or DLink consumer device and
>> plugged in.  (users, can't live with em, can't shoot em)
>> Is there a tool or good method that could scan the arp table and look for
>> Manufacturer ID bits so I could see roughly what's attached where?  Are
>> there better tools in general or better methods of finding rogue elements
>> that people may attach?
>> Any pointers would be appreciated.
>>
>> Thanks
>> Scott
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
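
The TTL check suggested in the reply at the top of this message, as an added example that is not part of the original thread. It assumes the span sits on the hosts' own access segment (so directly attached hosts arrive with an undecremented TTL), that host stacks start at 64, 128 or 255, and it runs on constructed IPv4 headers with documentation-range addresses.

```python
import socket
import struct
from collections import defaultdict

# Common initial TTLs of host IP stacks (assumption: 64 Linux/macOS, 128 Windows, 255 network gear).
INITIAL_TTLS = {64, 128, 255}

def parse_ipv4(header: bytes):
    """Return (source address, TTL) from a raw IPv4 header, or None if it is not valid IPv4."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return None
    ttl = header[8]                        # TTL is byte 8 of the IPv4 header
    src = socket.inet_ntoa(header[12:16])  # source address is bytes 12..15
    return src, ttl

def find_suspects(headers):
    """Map each source IP whose TTL is one below a common initial value to its sorted TTLs."""
    seen = defaultdict(set)
    for h in headers:
        parsed = parse_ipv4(h)
        if parsed:
            seen[parsed[0]].add(parsed[1])
    return {src: sorted(ttls) for src, ttls in seen.items()
            if any(t + 1 in INITIAL_TTLS for t in ttls)}

def make_header(src: str, dst: str, ttl: int) -> bytes:
    """Build a minimal 20-byte IPv4 header for the constructed sample (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, 6, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample: addresses are from documentation ranges, not from the thread.
SAMPLE = [
    make_header("192.0.2.10", "198.51.100.1", 128),  # directly attached host, TTL untouched
    make_header("192.0.2.11", "198.51.100.1", 64),   # directly attached host, TTL untouched
    make_header("192.0.2.57", "198.51.100.1", 127),  # already decremented once
    make_header("192.0.2.57", "198.51.100.1", 63),   # second stack behind the same address
    b"\x60" + b"\x00" * 39,                          # IPv6 header, skipped by the parser
]

if __name__ == "__main__":
    for src, ttls in find_suspects(SAMPLE).items():
        print(f"{src}: TTLs {ttls} -> traffic crossed a router before the access port")
```

A source that shows more than one off-by-one TTL, as 192.0.2.57 does here, is consistent with several hosts sharing one NAT address, which is also why the MAC-count limit discussed in the thread would not see them.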

