A neat older tool that works well, still needs to perhaps be updated to
reflect more current vulnerabilites, is BASS. It does not attemt tp hide
it's intrusions by any means though, so yer internal IDS systems will go
nuts...interesting thing is, that it still finds many of the old
vulnerabilities it was designed for out here and even in closed corporate
nets.
Thanks,
Ron DuFresne
On Tue, 18 Apr 2000, Tim Sailer wrote:
> On Tue, Apr 18, 2000 at 09:57:41AM -0400, Carric Dooley wrote:
> > I want to do something like this with a Linux box. You could use a combination of
>something like Argus (I think that's what it's called... look at www.opensec.net)..
>it detects new MAC's on the network. You could use it in tandem with nmap and get
>what you are trying to achieve. I want to partner that with some kind of DoS tool
>(like the RST daemon in hunt) so if a user brings up a DHCP server on one of my nets,
>every packet he transmits gets hit with RST's...
>
> Argus, or arpwatch, or anything like that won't really work across our
> switched network. We have roughly 6500 devices hanging on a /16 IP block.
> I can get the MACs from the 5 main routers. I guess I can use the batch
> mode of nessus, which I never knew existed! I was too concentrated on the
> GUI. I'm plopping all the MACs, associated IPs, and FQDN into a database,
> and running through that every 10 minutes. That window may be too large, but
> it's a start, until I can get this worked out.
>
> Thanks,
> Tim
>
> --
> (work) [EMAIL PROTECTED] / (home) [EMAIL PROTECTED] - http://www.buoy.com/~tps
> Lord, grant me the serenity to accept the things I cannot change,
> the courage to change the things I can, and the wisdom to hide the
> bodies of the people I had to kill because they pissed me off - Anon.
> ** Disclaimer: My views/comments/beliefs, as strange as they are, are my own.**
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
