[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] how to bypass rouge machine detection techniques

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] how to bypass rouge machine detection techniques
From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Date: Mon, 11 Jul 2005 15:37:43 -0400

now i am just wondering if the detection technique can be integrated
at the switch level. for example, one software can connect to switch
via ssh, and collect the ipaddress information of the machine trying
to plug in to the network, as soon as we detect this machine, we can
connect to it to test whether its a part of trusted domain/network or
not.


http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/dhcp.htm

Not 100% of what you asked, but basically requires the device "obey" the trusted DHCP server you define. It's only available on certian edge switches (notably the 35xx and some 29xx units) AFIK.

Cheers,

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] how to bypass rouge machine detection techniques
  - From: Gaurav Kumar
- RE: [Full-disclosure] how to bypass rouge machine detection techniques
  - From: Paul Melson
- Re: [Full-disclosure] how to bypass rouge machine detection techniques
  - From: Gaurav Kumar

Prev by Date: Re: [Full-disclosure] how to bypass rouge machine detection techniques
Next by Date: Re: [Full-disclosure] how to bypass rogue machine detection techniques
Previous by thread: Re: [Full-disclosure] how to bypass rouge machine detection techniques
Next by thread: Re: [Full-disclosure] how to bypass rogue machine detection techniques
Index(es):
- Date
- Thread