RE: Tool for Identifying Rogue Linksys Routers

["Thomas Guyot-Sionnest" <Thomas () zango com>]

The right way to fix that is to implement switch-level recurity. Limit the
number of mac and IP address on each ports. No workstation should ever have
more that one MAC and IP address...

If you don't have the budget for that kind of switch, I'd first try to
identify open ports and try to recognize services on a linksys router. Nmap
and telnet will be your best friends.

Thomas Guyot-Sionnest,
Administrateur de systèmes
Tél: (514) 842-7054
Fax: (514) 221-3395
Courriel: thomas () zango com 

> -----Original Message-----
> From: Martin Mkrtchian [mailto:dotsecure () gmail com] 
> Sent: Thursday, August 25, 2005 14:49
> To: Bugtraq; Full-Disclosure (E-mail)
> Subject: Tool for Identifying Rogue Linksys Routers
>
> Dear Group Members
>
> We are migrating from Lucent QIP to MetaIP for DHCP services 
> and so far we have had two issues when MetaIP has been 
> implemented for  VLAN that has an unauthorized Linksys router 
> giving out IP addresses.
>
> Is there a scanning tool out there that can determine if 
> there are unauthorized Linksys (type) routers in a specific VLAN?
>
> Your input is appreciated 
>
> Thank You
>
> Martin  M
> http://dotsecure.blogspot.com

Attachment: smime.p7s
Description: