[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Tool for Identifying Rogue Linksys Routers

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: Tool for Identifying Rogue Linksys Routers
From: "Matt Mercer" <MattM@xxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 25 Aug 2005 15:42:29 -0600

Hi Martin,

>We are migrating from Lucent QIP to MetaIP for DHCP services and so
>far we have had two issues when MetaIP has been implemented for  VLAN
>that has an unauthorized Linksys router giving out IP addresses.

If you have an IDS such as Snort configured on your network, it would be
fairly straightforward to build a configuration watching for DHCP
traffic on specific VLANs not originating from legitimate servers (as
defined by you, The Administrator).

Find a helpful article here describing such a scenario:

http://security.itworld.com/4363/ITW3542/page_1.html

HTH,

Matt

Follow-Ups:
- Re: Tool for Identifying Rogue Linksys Routers
  - From: Paul Halliday

Prev by Date: Re: Tool for Identifying Rogue Linksys Routers
Next by Date: Re: [ GLSA 200508-14 ] TikiWiki, eGroupWare: Arbitrary command execution through XML-RPC
Previous by thread: RE: Tool for Identifying Rogue Linksys Routers
Next by thread: Re: Tool for Identifying Rogue Linksys Routers
Index(es):
- Date
- Thread