Firewall Wizards mailing list archives
RE: finding undocumented external connections
From: "Stout, Bill" <StoutB () pios com>
Date: Mon, 03 Aug 1998 12:04:29 -0400
Watch for unknown IP addresses on the net, or lots of traffic to one node that may act as a gateway. To do this you need a monitor on each local network (either sniffers, network probes, IDS, or other). Once you see a foreign address, trigger a script to traceroute it, probe it, identify it. If your users add a modem to a PC, you won't see it from the network. You can wardial each area-code/prefix, but you'll miss modems which are not in auto-answer mode. Wardialers will catch users who created dial-in access to your net (carbon copy, PC-anywhere, RAS, PPP/terminal servers, etc). Requesting a copy of each offices' phone bill may be of some help, but multiple departments may be paying separate bills. Company policies help, if the directors and employees take them seriously. Bill Stout
----- Original Message ----- From: Ng, Kenneth [SMTP:kenng () kpmg com] Sent: Friday, July 31, 1998, 8:01:08 To: Stout, Bill Subject: finding undocumented external connections [To unsubscribe, send mail to majordomo () lists gnac net with "unsubscribe firewalls" in the body of the message.] - I have a question to those people who run large networks. Sorry this
is
not directly related to firewalls, but I believe it to be reasonably close. If you have lets say a hundred or more offices, it becomes impratical to visit each and every one can conduct an audit of the network in that office. What methods are there for finding out if an office has set up an unauthorized connection to either the Internet or to another company? Currently the only way I know is to see if an unusual route shows up on the WAN. Yes I know that the best system is for people to report such connections, but if this was a perfect world we wouldn't need locks on our doors. Thank you in advance for your suggestions. ----- End Of Original Message -----
Current thread:
- RE: finding undocumented external connections Stout, Bill (Aug 03)
- Re: finding undocumented external connections Lyndon David (Aug 04)
- <Possible follow-ups>
- RE: finding undocumented external connections torkel . thune (Aug 05)
- RE: finding undocumented external connections Gary Crumrine (Aug 05)
- RE: finding undocumented external connections Marcus J. Ranum (Aug 05)