Slashdot Mirror


What's On Your Network?

An anonymous reader writes "According to a Whitedust article you may currently have more on your network than you think you do. The article claims that not much security attention is generally given to one of the most elusive aspects of computer security; that of physical connectivity." From the article: "Broadcast traffic is on the rise, with more suspicious user activity in the logs every day. Then one morning you get a call from your irate boss wanting to know why he no longer has a network connection, yet the employees - or students or whoever - down the hall are able to play games and visit porn sites, at blazing speeds no less."

9 of 188 comments

  1. static dhcp ? by maharg · · Score: 3, Interesting

    the best solution I have seen is where you have to register your equipment's MAC address, then you get a "static" (i.e. always the same) ip address served to you via dhcp. No registered MAC address == no ip address. Presumably they had something looking for unregistered MAC addresses too. Pretty good, but doesn't stop you going in with a static address in the right range tho...

    --

    $ strings FTP.EXE | grep Copyright
    @(#) Copyright (c) 1983 The Regents of the University of California.
  2. heh by Renraku · · Score: 2, Interesting

    I think I've heard it called 'treasure hunting' before. Especially at places with huge IT departments in the building that just can't seem to find some things that are taking a few IPs. Usually it ends up being a laptop in someone's bag hitting the internet, or a WAP in an abandoned office is serving warez to someone in the building next door.

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  3. Re:DHCP fun by Shadow_139 · · Score: 3, Interesting

    This happened in Trinity College a few years ago, there were a few old AS400 Servers the Admins had forgotten about till one crashed and killed 3 of the main backend Databases which were running on them.

    After 2 months of looking for the Servers, following a jungle of Cat5, Coax and AUX leads it turned out that there was some building work done about 6 years before in an old section of the College that's not been used anymore and the Servers were hidden in a room that had been blocked off behind a new wall that had been put in...?!!??!

  4. Wireless is worser! by Anonymous Coward · · Score: 1, Interesting

    If I have a completely wired network, the article describes exactly how to find the culprit. In a college context, I can find the bad guys without leaving my office. I can tell exactly where the offending connection is being made. With the security video, I can even watch the act as it occurs.

    Given wireless access, on the other hand, your problems are much greater. Even if I know which wireless access point is being accessed, I can't tell which laptop is doing what. It could be someone in a washroom somewhere. Naturally, I'm not delighted with the idea of providing wireless access to the students.

  5. Do some mapping before it is too late by pe1chl · · Score: 2, Interesting

    For many years, I have been running some simple scripts on a machine on the network that regularly reads out switch MAC tables using snmp. I also read router ARP tables this way.
    The result can be read from a webserver. IP address, MAC address, switchport and hostname are all conveniently grouped on a line.
    Knowing which switchport it is on, looking in the patch cabinet, I know on which wallsocket a suspicious device is, and a chart on the wall shows me in which room it is.

    Of course the routers have access lists so invalid network addresses aren't routed, and the DHCP server checks if a hostname conforms to the company convention before assigning an address.
    Plugging in your home laptop yields you an alarm, not an address.
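
Added example, not part of pe1chl's comment or of any script of theirs: one way to build the IP / MAC / switchport / hostname line described above and to flag MACs missing from the registration list maharg mentions in comment 1, including a host that skipped DHCP and set a static address. The walk output, the registration list and all function names are constructed for illustration; the OIDs are the standard BRIDGE-MIB and IP-MIB tables.

```python
# Constructed samples in `snmpwalk -On` style; not captured from a real device.
FDB_WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 12
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.170.187.204 = INTEGER: 7
.1.3.6.1.2.1.17.4.3.1.2.222.173.190.239.0.1 = INTEGER: 7
"""
ARP_WALK = """\
.1.3.6.1.2.1.4.22.1.2.3.10.0.0.21 = Hex-STRING: 00 11 22 33 44 55
.1.3.6.1.2.1.4.22.1.2.3.10.0.0.22 = Hex-STRING: 00 11 22 AA BB CC
.1.3.6.1.2.1.4.22.1.2.3.10.0.0.99 = Hex-STRING: DE AD BE EF 00 01
"""
# Hypothetical registration list (MAC -> hostname), as a DHCP server might hold it.
REGISTERED = {"00:11:22:33:44:55": "ws-acct-014", "00:11:22:aa:bb:cc": "ws-eng-203"}

FDB_OID = ".1.3.6.1.2.1.17.4.3.1.2."  # BRIDGE-MIB dot1dTpFdbPort, index = MAC
ARP_OID = ".1.3.6.1.2.1.4.22.1.2."    # IP-MIB ipNetToMediaPhysAddress, index = ifIndex.IP

def parse_walk(text, base, sep):
    """Yield (OID index components, value) for each line under `base`."""
    for line in text.splitlines():
        oid, _, value = line.partition(sep)
        if oid.startswith(base) and value:
            yield oid[len(base):].split("."), value.strip()

def fdb_table(text):
    """MAC -> bridge port; the MAC is the six decimal octets of the index.
    (On real switches the bridge port maps to ifIndex via dot1dBasePortIfIndex.)"""
    return {":".join(f"{int(o):02x}" for o in idx): int(val)
            for idx, val in parse_walk(text, FDB_OID, " = INTEGER: ") if len(idx) == 6}

def arp_table(text):
    """MAC -> IP; the IP is the last four components of the index."""
    return {":".join(val.lower().split()): ".".join(idx[-4:])
            for idx, val in parse_walk(text, ARP_OID, " = Hex-STRING: ")}

def inventory(fdb, arp, registered):
    """One (ip, mac, port, hostname, registered?) row per MAC seen on a switch port."""
    return [(arp.get(mac, "-"), mac, port, registered.get(mac, "-"), mac in registered)
            for mac, port in sorted(fdb.items())]

def unregistered(rows):
    """Rows whose MAC was never registered, whatever IP the device is using."""
    return [r for r in rows if not r[4]]

if __name__ == "__main__":
    for row in inventory(fdb_table(FDB_WALK), arp_table(ARP_WALK), REGISTERED):
        print(*row)
```

The unregistered row still carries its switch port, which is what lets the patch cabinet and wall chart locate the device.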

  6. Re:DHCP fun by rbarreira · · Score: 2, Interesting

    can you say "Urban Legend?"

    Yes (there are better references on this but I couldn't locate them...)

    --

    The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
  7. Sometimes, DHCP sucks by lightyear4 · · Score: 2, Interesting

    'What's On Your Network?' is a good question that should have been asked of the resnet techs at my university. Getting on the school network is automated for all computers with a browser, but other hardware-based network equipment must have its MAC registered manually. Needless to say, resnet doesn't actually enjoy it. One time, some moron plugged the ethernet cable from the wall into a LAN jack rather than the WAN. Kids' computers were sending DHCP requests out, receiving two responses, and dragging the entire network down. The complaint calls rained down upon tech support, and network techs had to go through dorm after dorm, checking every single room. And you thought DHCP made everything easier.

  8. Re:Maybe this is just me... by Canberra+Bob · · Score: 2, Interesting

    Not so simple - a place I worked for (a large telco) tried shutting down all non-approved systems. You know what happened? A large number of departments came to a screeching halt as so many depended on non-approved in-house servers etc and everything was quickly re-activated. Security doesn't come at the expense of line of business activities - it's the LOB that produces the income. Any IT manager that decided that the company could lose millions upon millions in revenue because he wanted to secure the network would have his head kicked in. Having draconian approval processes for custom in-house systems didn't exactly move managers to try to get their systems approved either. Generally there is an ideal scenario, and the practical one, and the two are not the same.

  9. Re:I find it hard to believe by QuestorTapes · · Score: 2, Interesting

    > Are there really companies out there that still don't have a policy about not hooking up private
    > equipment to the LAN without permission?

    Yep; lots of them.

    > Are there even any that let you run your own server on their LAN without asking?

    Yep ;>

    > I find that hard to believe. Even if bandwidth isn't an issue, the company owns the equipment
    > and has a right to say how it gets used, and what traffic is permitted.

    True. But where most people look at you funny if you walk into their house without knocking, there are many who look at you funny if you knock, and ask, "What the hell are you waiting for? Come in already."

    A lot of firms are the same.

    > Anybody adding private equipment or running an unauthorized server has to know they're violating
    > company policy, and can expect to be fired when it's discovered.

    Except when the company has no policy, or has lots of policies no one pays attention to, because everyone breaks them. Often because if you follow them, you can never get your work done.

    > The best way to keep it from happening a second time is to make sure everybody knows just why the fsckwit got canned.

    Unless, of course the fsckwit is the CEO, President, VP of this, Director of that. ;>

    Seriously; I don't hook up equipment without permission, even if it isn't 'policy', but it's a -lot- more common than you seem to think.

    Contracting at various firms, I see it all the time.