[ previous ] [ next ] [ threads ]
 
 From:  "Mohammed Ismail" <m dot ismael at gmail dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)
 Date:  Sat, 2 May 2009 01:18:09 +0300
-----Original Message-----
From: Steve Bertrand [mailto:steve at ibctech dot ca] 
Sent: Friday, May 01, 2009 3:41 PM
To: Mohammed Ismail
Cc: 'Lee Sharp'; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Anti netcut (was Re: [m0n0wall] m0n0wall 1.3b17)

If you have 100+ users across 20 buildings, I assure you that you need
to be concerned about internal security.

If you really do have 20 switches in 20 buildings, then surely your
company can afford to replace a few of them with managed gear.

At a minimum, you can buy Cisco 2950's on eBay for < $100 USD. They will
get you started, and even three of them in good locations will at least
minimize any impact an intruder might have (in the ARP Poison context).

Your better bet would be replace all 20 switches with managed ones, and
then you _could_ protect each client, and at the same time give you new
opportunities to re-design your broadcast domain into smaller, more
manageable purpose-built ones.

> Most people uses Switch Sniffer and Cain or winarp spoofer and netcut
> Plus womrs. 

Perhaps you are right, _most_ people likely do use those tools, but
knowledgeable people who require such tools for troubleshooting use
tcpdump, nmap, ettercap, hping2, scapy etc ;)

Steve

----------------------------------------------------------------------------

It is not a company, you will get shocked if you see one of these networks.
You will believe that they know nothing about standerds,
i just provide tech. support for them,
they buy switches around 12-15 USD.
The smartest one uses linksys 8 port, it is around 25 USD.
A 100 $ for a switch that they don't know how to use it!
I guess because they are out of standards, so that's why there is no ideal
solution for them except following standards.
I am just still wondering how mikrotik put you all alone only via DHCP. 
You get an ip and if you open sniffing tool you only find your self and the
server.
On same switched networks.

Best Regards, 
Mohammed