'detecting illegally installed gateways'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    detecting illegally installed gateways
From:       J Hein <j.hein () ymail ! com>
Date:       2010-05-17 9:18:34
Message-ID: 532700.2088.qm () web114309 ! mail ! gq1 ! yahoo ! com
[Download RAW message or body]

hi all,

I have a somewhat difficult problem to crack - there is a large corporate network \
which covers several Nordic countries, and unfortunately there have been cases in the \
past where a device with routing capability has been plugged into the network (for \
creating a "faster" connection to the internet for a branch office). Because this \
violates corporate policies and creates "invisible" entry points to the internal \
network, I have been given a task to find a suitable software for finding such kind \
of illegal routers.

Are there any good products for detecting illegally installed boxes with a routing \
capability? One of my fellow consultants suggested IP Sonar (by Lumeta) for this \
purpose which (as he claims) has been successfully used by BT in the past. From the \
product description I've got an impression that IP Sonar cleverly uses traceroute for \
detecting routers that illegally exchange information between internal networks and \
the internet (so called "network leaks").

I understand that router detection is a complex issue, and in order to address this \
problem fully, one needs to analyze traffic that flows through all key routers and \
switches in the whole corporate network. Unfortunately, since the deployment of such \
monitoring system takes a lot of time, I'd like to begin with a relatively simple \
solution which attempts to locate network leaks by polling the network from few \
points only (like IP Sonar does, using traceroute for that purpose).

Can anyone recommend any such commercial or open source tools? (open source utilities \
are my preference :)

Thanks in advance!

--
jhein



      

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL \
certificate.  We look at how SSL works, how it benefits your company and how your \
customers can tell if a site is secure. You will find out how to test, purchase, \
install and use a thawte Digital Certificate on your Apache web server. Throughout, \
best practices for set-up are highlighted to help you ensure efficient ongoing \
management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic