Educause Security Discussion mailing list archives
Re: Large edu's doing NAT campus wide?
From: Justin Azoff <JAzoff () UAMAIL ALBANY EDU>
Date: Mon, 30 Apr 2007 10:03:51 -0400
Clifford Collins wrote:
Perhaps what I'm about to say should be forked to another discussion. Unlike the subject title, we are a small edu doing NAT using the large 10.0.0.0 private address block. As a result, I have the joy of scanning a large, empty space on a regular basis. This is a royal pain in the scanner.
Am I wasting my time empirically verifying that our routers and switches aren't servicing rogue devices in the vastness of 16.7 million possible addresses? Should I only be concerned with the few dozen class C blocks we have assigned for official use? How do you deal with patrolling the alleys of your network?
I do the following:

1. Dump the arp table from the router[s] to get the list of active addresses (using netdisco). Call this set 'A'.
2. Perform a ping sweep over the class B twice a day. Call this set 'B'.

Set 'A' could be used as the input for step 2, since set 'B' is always a subset of set 'A'. Additionally the list obtained by taking 'A-B' are all the machines on the network running some sort of firewall.

For doing scans, either set 'A' or 'B' can be used for targets. Machines in set 'B' will usually be scanned faster, while machines in set 'A-B' will take a longer time, and possibly need a different set of parameters. By tuning the timeout and port scan settings for the machines you suspect are running firewalls you can greatly reduce the time it takes to run a scan.

--
-- Justin Azoff
-- Network Performance Analyst
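
The set bookkeeping described in the message above, as an added Python example that is not part of the original post. The input formats (a Cisco-style "show ip arp" dump and nmap "-sn -oG" greppable output), the sample addresses and the function names are assumptions; the post itself only names netdisco.

```python
import ipaddress
import re

# Constructed sample data (not from the post). Formats are assumptions:
# ARP_DUMP mimics Cisco "show ip arp"; PING_SWEEP mimics nmap -sn -oG output.
ARP_DUMP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.20.1.5               3   0011.2233.4455  ARPA   Vlan20
Internet  10.20.1.9              12   0011.2233.4466  ARPA   Vlan20
Internet  10.20.7.40              0   0011.2233.4477  ARPA   Vlan27
Internet  10.20.9.2               1   Incomplete      ARPA
"""
PING_SWEEP = """\
# Nmap scan initiated (constructed sample)
Host: 10.20.1.5 ()\tStatus: Up
Host: 10.20.7.40 ()\tStatus: Up
Host: 10.20.7.99 ()\tStatus: Down
"""

def parse_arp(text):
    """Set 'A': addresses with a resolved MAC in the router ARP table."""
    active = set()
    for line in text.splitlines():
        fields = line.split()
        # Skip the header and unresolved ("Incomplete") entries.
        if len(fields) >= 4 and fields[0] == "Internet" and fields[3] != "Incomplete":
            active.add(ipaddress.ip_address(fields[1]))
    return active

def parse_sweep(text):
    """Set 'B': addresses that answered the ping sweep."""
    pattern = re.compile(r"^Host: (\S+) .*Status: Up$")
    return {ipaddress.ip_address(m.group(1))
            for line in text.splitlines() if (m := pattern.match(line))}

def plan_scans(arp_text, sweep_text):
    """Split targets into scan profiles using sets 'A' and 'B'."""
    a, b = parse_arp(arp_text), parse_sweep(sweep_text)
    return {
        "fast": sorted(b),            # answer ping: default scan settings
        "filtered": sorted(a - b),    # 'A-B': likely firewalled, tune timeouts
        "unexpected": sorted(b - a),  # post expects B within A; flag for review
    }

if __name__ == "__main__":
    for profile, hosts in plan_scans(ARP_DUMP, PING_SWEEP).items():
        print(profile, [str(h) for h in hosts])
```

The "filtered" list is the one to hand to the scanner with longer timeouts and adjusted port scan settings; "unexpected" should stay empty if the ARP dump and the sweep cover the same segments.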