HP managed switches have this feature too, as a bonus you can also specify whether it should "learn" the authorized MAC and limit the number of simultanious MACs on a port, or specify which addresses are allowed. Then (as Ethan indicated) you can send a trap and/or disable the port - both set an intrusion flag on the port. Pretty cool I thought! ----- Original Message ----- From: "Ethan" <[EMAIL PROTECTED]> To: "'Sebastian Schneider'" <[EMAIL PROTECTED]>; "'CHRIS GRABENSTEIN'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 9:06 PM Subject: RE: Network scanning
Most newer switches can lock down how many mac addresses are allowed to be sourced on one port.. if that amount is reached, the port can be disabled or other action taken (snmp trap, etc)... I know there are plenty of cisco switches that do this anyhow, I'm sure there are others... Ethan -----Original Message----- From: Sebastian Schneider [mailto:[EMAIL PROTECTED] Sent: Friday, August 08, 2003 12:10 PM To: CHRIS GRABENSTEIN; [EMAIL PROTECTED] Subject: Re: Network scanning On Friday 08 August 2003 14:19, CHRIS GRABENSTEIN wrote: > As far as the hard wires, I think the best solution is to search out those > unused ports and unplug them from the switch. They can be quickly > reconnected if needed, and you'll know about it. I guess you're actually aware, that not everyone is locking up rooms containing switches. And just plugging out unused cables won't be sufficient, since usually I just can plug out any computer and plug in my own. > |-----Original Message----- > |From: netsec novice [mailto:[EMAIL PROTECTED] > |Sent: Thursday, August 07, 2003 4:51 PM > |To: [EMAIL PROTECTED] > |Subject: Network scanning > | > | > |Are there tools out there that would allow system administrators to be > |notified when a new workstation attaches to a network? I'm > |thinking both > |wireless and ethernet in this case. SNMP maybe? I am in a > |credit union > |environment and my concern is that someone would be able to steal an > |existing jack or a jack that is not physically protected but > |live and be > |able to capture traffic or do reconaissance. We don't have > |Wireless access > |at this point but may look to it in the future. My only > |thought in that > |case would be to encrypt all traffic since wireless security > |is a bit scary > |at this point. Any ideas? > > ------------------------------------------------------------------------ --- > ------------------------------------------------------------------------ --- >- -- ----------------------------- straightLiners IT Consulting & Services Sebastian Schneider Metzer Str. 12 13595 Berlin Germany Phone: +49-30-3510-6168 Fax: +49-30-3510-6169 Mail: [EMAIL PROTECTED] Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
