The right way to fix that is to implement switch-level recurity. Limit the number of mac and IP address on each ports. No workstation should ever have more that one MAC and IP address... If you don't have the budget for that kind of switch, I'd first try to identify open ports and try to recognize services on a linksys router. Nmap and telnet will be your best friends. Thomas Guyot-Sionnest, Administrateur de systèmes Tél: (514) 842-7054 Fax: (514) 221-3395 Courriel: thomas@xxxxxxxxx > -----Original Message----- > From: Martin Mkrtchian [mailto:dotsecure@xxxxxxxxx] > Sent: Thursday, August 25, 2005 14:49 > To: Bugtraq; Full-Disclosure (E-mail) > Subject: Tool for Identifying Rogue Linksys Routers > > Dear Group Members > > We are migrating from Lucent QIP to MetaIP for DHCP services > and so far we have had two issues when MetaIP has been > implemented for VLAN that has an unauthorized Linksys router > giving out IP addresses. > > Is there a scanning tool out there that can determine if > there are unauthorized Linksys (type) routers in a specific VLAN? > > Your input is appreciated > > Thank You > > Martin M > http://dotsecure.blogspot.com >
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
