Full Disclosure mailing list archives
Re: how to bypass rogue machine detection techniques
From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 12 Jul 2005 02:45:52 +0530
On 12/07/05 00:55 +0530, Gaurav Kumar wrote:
> thanks a lot everybody.
Spelling in subject corrected.
> Now I am just wondering if the detection technique can be integrated at the switch level. For example, a piece of software can connect to the switch via SSH and collect the IP address information of the machine trying to plug in to the network. As soon as we detect this machine, we can connect to it to test whether it's a part of a trusted domain/network or not.
You would need to trigger the scan when the host is plugged into the switch. The device also needs to respond to an ARP request of some sort. What happens if I plug in a dumb hub into the switch, and then a laptop with no IP address on the NIC and ARP disabled into the hub? Keep in mind that switches are designed to fail open, so I just need to flood the switch with a very large number of MAC addresses to convert it into a nice broadcast device.
> I think even if a box is in stealth mode, we can still detect it if we use our detection mechanism at the switch level itself.
Possible. However, in most cases, it is easier to implement proper physical security and not let random people connect from nodes all over the place. Using 802.1x is useful as well.
Devdas Bhagat
<snipped>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
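The switch-level check discussed in this message can be approximated by auditing the switch's forwarding table for access ports that have learned more than one MAC address, which covers both the hub-on-a-port case and a table flood. The following is an added example, not code from the thread; the table layout, port names, uplink list and thresholds are constructed assumptions, and a host that never transmits a frame will not appear in the table at all.

```python
import re
from collections import defaultdict

# Constructed sample in a generic "VLAN  MAC  TYPE  PORT" layout;
# real forwarding-table output differs by vendor.
SAMPLE_TABLE = """\
  10  0011.2233.4401  DYNAMIC  Gi0/1
  10  0011.2233.4402  DYNAMIC  Gi0/2
  10  0011.2233.4403  DYNAMIC  Gi0/2
  10  0011.2233.4404  STATIC   Gi0/3
  10  0011.2233.4405  DYNAMIC  Gi0/24
  10  0011.2233.4406  DYNAMIC  Gi0/24
"""

ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)\s*$", re.I)

def macs_per_port(table_text):
    """Map each port to the set of dynamically learned MACs seen on it."""
    ports = defaultdict(set)
    for line in table_text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).upper() == "DYNAMIC":
            ports[m.group(4)].add(m.group(2).lower())
    return ports

def audit(table_text, uplinks=(), max_macs=1, flood_threshold=100):
    """Return {port: (finding, mac_count)} for ports over the MAC limit."""
    findings = {}
    for port, macs in macs_per_port(table_text).items():
        # Uplinks legitimately carry many MACs, so they are skipped.
        if port in uplinks or len(macs) <= max_macs:
            continue
        kind = "possible-flood" if len(macs) >= flood_threshold else "multiple-macs"
        findings[port] = (kind, len(macs))
    return findings

def synthetic_flood(port, count):
    """Build constructed table rows with `count` distinct MACs on one port."""
    return "".join(f"  10  dead.beef.{i:04x}  DYNAMIC  {port}\n" for i in range(count))

if __name__ == "__main__":
    table = SAMPLE_TABLE + synthetic_flood("Gi0/7", 500)
    for port, (kind, n) in sorted(audit(table, uplinks={"Gi0/24"}).items()):
        print(f"{port}: {kind} ({n} MACs)")
```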