Re: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Ben Cannon
I’ve got an easy way to do this, I confiscate ‘em ;) As others have said, this is a management problem. Untrustworthy parties shouldn’t have physical access to your trunk ports. That said Layer 2 MAC ACLs should block everything and allow only your switches. Also do you have lit trunk ports

Re: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Kasper Adel
How about some scripts around fail2ban, if the same account logs in multiple times, it's banning time. Kasper On Friday, June 8, 2018, David Hubbard wrote: > This thread has piqued my curiosity on whether there'd be a way to detect > a rogue access point, or proxy server with an inside and

RE: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Christopher J. Wolff
David, If you are using a product like ISE/Forescout you could set up multiple layers of device identification prior to network authorization. For example, a user would need to spoof the results of a legitimate device to match the results of: -NMAP scan -Domain machine/user Auth -OID/MAC etc

Re: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Alan Buxey
as already said - this can be covered with adequate processes and management (even so far as, not doing your job right? time for HR...). however, there are many ways to ensure that random ports aren't doing anything other than what they should be doing - most of these are L2 security features -

RE: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Christopher J. Wolff
Cisco ISE will accomplish this. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of segs Sent: Thursday, June 7, 2018 3:57 AM To: nanog@nanog.org Subject: Application or Software to detect or Block unmanaged switches Hello All, Please I have a very interesting

Re: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Mel Beckman
Enterprise WiFi systems, such as those by HPE (Aruba) and Cisco, have built-in rogue detection including integrated spectrum analysis. Every AP becomes a spectrum analyzer, so the WiFi controller can detect rogue APs, identify whether or not they’re physically connected to your network, and

Re: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Owen DeLong
There are a few options. 1. Most likely it will leak information (STUN, NAT-PMP, etc.). 2. You could look for obvious signs of NATted traffic. (e.g. re-use of the same source port number to different destinations from the box, etc.) 3. You can look at the TTL or Hop-Count on

Re: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Eric Kuhnke
This is one of the reasons why large organizations, such as the ones you describe, have both portable spectrum analyzers (covering the 2400 range and 5150-5850 MHz 802.11(whatever) bands), and also ability to hunt for MAC addresses of wifi devices that don't match known centrally managed APs. Even

Weekly Routing Table Report

2018-06-08 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, SANOG, PacNOG, SAFNOG TZNOG, MENOG, BJNOG, SDNOG, CMNOG, LACNOG, IRNOG and the RIPE Routing WG. Daily listings are sent to

Re: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread David Hubbard
This thread has piqued my curiosity on whether there'd be a way to detect a rogue access point, or proxy server with an inside and outside interface? Let's just say 802.1x is in place too to make it more interesting. For example, could employee X, who doesn't want their department to be back

Re: Application or Software to detect or Block unmanaged switches

2018-06-08 Thread Kasper Adel
I guess you can do that and more with a linux based switch like cumulus and pica8. They allow you to do all sorts of things like that because they are open. On Thursday, June 7, 2018, wrote: > In my previous life, we used a nac appliance from Bradford Networks > whereby the mac address of

Spoofer Report for NANOG for May 2018

2018-06-08 Thread CAIDA Spoofer Project
In response to feedback from operational security communities, CAIDA's source address validation measurement project (https://spoofer.caida.org) is automatically generating monthly reports of ASes originating prefixes in BGP for systems from which we received packets with a spoofed source address.