[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] how to bypass rouge machine detection techniques



now i am just wondering if the detection technique can be integrated
at the switch level. for example, one software can connect to switch
via ssh, and collect the ipaddress information of the machine trying
to plug in to the network, as soon as we detect this machine, we can
connect to it to test whether its a part of trusted domain/network or
not.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/dhcp.htm

Not 100% of what you asked, but basically requires the device "obey" the trusted DHCP server you define. It's only available on certian edge switches (notably the 35xx and some 29xx units) AFIK.

Cheers,

~Mike.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/