Even I was thinking of trying a workaround for such illegal sources. After doing some groundwork I found that these needs to have good understanding of L2 and L3 also the L7 (Layers of OSI). Because these protocols reveal much information of the devices. Hope if Some one has answer for the questions it would be of great help.
General Observations: 1. An rogue Access Point, Open for everyone to access may have keylogger.... 2. An rogue DHCP Server invoked in a network... 3. Etc.. On May 18, 6:15 pm, Sandeep Thakur <[email protected]> wrote: > hi all, one of my colleagues question for your study/answer: > --------------------------------------------------------------------------------------- > I have a somewhat difficult problem to crack - there is a large corporate > network which covers several Nordic countries, and unfortunately there have > been cases in the past where a device with routing capability has been > plugged into the network (for creating a "faster" connection to the internet > for a branch office). Because this violates corporate policies and creates > "invisible" entry points to the internal network, I have been given a task > to find a suitable software for finding such kind of illegal routers. > > Are there any good products for detecting illegally installed boxes with a > routing capability? One of my fellow consultants suggested IP Sonar (by > Lumeta) for this purpose which (as he claims) has been successfully used by > BT in the past. From the product description I've got an impression that IP > Sonar cleverly uses traceroute for detecting routers that illegally exchange > information between internal networks and the internet (so called "network > leaks"). > > I understand that router detection is a complex issue, and in order to > address this problem fully, one needs to analyze traffic that flows through > all key routers and switches in the whole corporate network. Unfortunately, > since the deployment of such monitoring system takes a lot of time, I'd like > to begin with a relatively simple solution which attempts to locate network > leaks by polling the network from few points only (like IP Sonar does, using > traceroute for that purpose). > > Can anyone recommend any such commercial or open source tools? (open source > utilities are my preference :) > > Thanks in advance! > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/nforceit?hl=en-GB. -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
