
NAT devices on the network

Status
Not open for further replies.

browmaster
Programmer
Oct 24, 2003
US
I am starting to work on removing some security issues. One of these being rogue access points on the network. I can see that they are out there. However, is there a simple way to see the port they are plugged into on the network? I don't know the MAC address and I can't connect directly to their wireless to find out what IP they are using from my network. I need to be able to detect the ports that have NAT devices connected to them. Most of these would be simple Linksys, Netgear or D-Link devices that you can buy anywhere for under $100. I have been reading some things about TTL counts being different. However, I have way too much traffic on the network to be sniffing everything. Anyone know of a quick and simple way to find these devices?
 
Those devices should have common MAC prefixes.

A quick Google search produced this list of known MAC prefixes from Linksys: http://www.coffer.com/mac_find/?string=Linksys

Filter your mac tables for the known prefixes and search from there. That is the cheapest way to go.

You can also invest in systems that hunt for rogue APs. I know Fluke sells a device with a directional antenna that you can walk around your building with. Cisco has software that works in conjunction with their APs. All of these solutions cost $$$$$$ though.

PSC
[—] CCNP [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
 
That is a thought. It may not be perfect, but this will help me narrow things down, as well as keep the cost down.

Our Aruba wireless solution tells us approximately where the rogue APs are, so that isn't an issue. The issue is where they are connecting on the switch side. Once I find the port I will know the MAC and I can filter this out.

I just wish there was a simple way to find NAT devices soon after they are connected to the network. This way I could shut the port down.

Thanks
 
port-security and/or 802.1x port-based authentication

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
I thought of the port-based security, but we don't know when people are moving (desktop support is a different department), not to mention some of the jacks are designated for notebook use. This would create some administrative overhead that we don't have the time or manpower for. I have thought of this... and it would curtail, if not stop, this.

Dot1x authentication is the ultimate goal, but this can be spoofed by the NAT device. Authentication happens for one PC behind the device and the port is open/authenticated for all devices behind it.

I wonder if DHCP/DNS can help me find IP addresses that aren't PC/Mac based.
 
The problem is that you don't know how many devices are behind the NAT device. You will never see their MACs, so port-security won't do much good. If it were a straight AP with no NAT, then port-security would be a sure shot.

Port security is a good practice though. It doesn't matter that users move around; all you have to do is make sure that only one MAC is on a given port at a given time.

PSC
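The cheap approach suggested earlier (filter the switch MAC table for consumer-router OUIs) and the port-security point above (more than one MAC on a port) as one added Python example; this is not code from the thread. The OUI table is a small assumed sample to be rebuilt from the vendor lookup linked above, and the `show mac address-table` output is constructed.

```python
import re

# Sample OUI prefixes (first three octets) for the consumer brands named in the
# thread. Assumed for this example: build the real list from the link above.
CONSUMER_OUIS = {
    "00:0c:41": "Linksys",
    "00:12:17": "Linksys",
    "00:09:5b": "Netgear",
    "00:05:5d": "D-Link",
}

# Constructed sample of `show mac address-table` output from a Cisco IOS switch.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
  10    0011.2233.4455    DYNAMIC     Fa0/1
  10    000c.4112.3456    DYNAMIC     Fa0/7
  10    0011.2299.aabb    DYNAMIC     Fa0/9
  10    0011.22cc.ddee    DYNAMIC     Fa0/9
  20    0009.5b00.1122    DYNAMIC     Fa0/12
"""

# One table row: vlan, dotted MAC, type, port.
ROW_RE = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\w+\s+(\S+)", re.I)


def normalize_mac(mac):
    """Turn Cisco dotted form (0011.2233.4455) into colon form (00:11:22:33:44:55)."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Return (vlan, mac, port) tuples for each data row of the table text."""
    rows = [ROW_RE.match(line) for line in text.splitlines()]
    return [(int(m.group(1)), normalize_mac(m.group(2)), m.group(3)) for m in rows if m]


def find_suspect_ports(entries, ouis=CONSUMER_OUIS):
    """Flag ports showing a consumer-router OUI, and ports carrying more than one
    MAC (a plain AP or hub; a NAT box hides its clients behind one MAC)."""
    macs_by_port = {}
    findings = {}
    for _vlan, mac, port in entries:
        macs_by_port.setdefault(port, set()).add(mac)
        vendor = ouis.get(mac[:8])
        if vendor:
            findings[port] = f"{vendor} OUI on {mac}"
    for port, macs in macs_by_port.items():
        if len(macs) > 1 and port not in findings:
            findings[port] = f"{len(macs)} MACs seen on one port"
    return findings
```

Run it against a pasted `show mac address-table` capture from each access switch; a port that matches an OUI or shows several MACs is the one to inspect, while a NAT box with a spoofed or unknown OUI will still only show a single MAC.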
 
One last thing... To make sure that your rogue AP problem is cleared up, you need to have a written policy with clear definitions and management backing. Without the ability to censure or terminate, this problem will be never-ending for you.

PSC
 
Thanks to all for your posts... I can see this is a forum that will be very useful.
 