[Full-disclosure] how to bypass rogue machine detection techniques

Michael Holstein michael.holstein at csuohio.edu
Mon Jul 11 20:37:43 BST 2005


> Now I am just wondering if the detection technique can be integrated
> at the switch level. For example, one software can connect to the switch
> via ssh, and collect the IP address information of the machine trying
> to plug in to the network. As soon as we detect this machine, we can
> connect to it to test whether it's a part of the trusted domain/network or
> not.

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/12_1_13/config/dhcp.htm

Not 100% of what you asked, but basically requires the device "obey" the
trusted DHCP server you define. It's only available on certain edge
switches (notably the 35xx and some 29xx units) AFAIK.

Cheers,

~Mike.



Full-Disclosure is hosted and sponsored by Secunia.
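
Added example, not part of the original post or of Cisco's documentation: assuming the linked page describes the DHCP snooping feature, this is a minimal IOS configuration of the kind the reply points to. VLAN 10, the interface names and the rate limit are constructed placeholders.

```cisco
! Constructed example: VLAN 10 and the interface names are placeholders.
! Enable DHCP snooping globally, then on the access VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Uplink toward the DHCP server you trust: server replies are accepted here.
interface GigabitEthernet1/1
 ip dhcp snooping trust
!
! Edge port: untrusted by default, so DHCP server replies (OFFER/ACK)
! arriving from a device plugged in here are dropped.
interface FastEthernet2/1
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
!
! Verification from exec mode:
!   show ip dhcp snooping
!   show ip dhcp snooping binding
```

The binding table lists the MAC address, IP address, VLAN and port for each lease seen on an untrusted port, which is the per-port address information the question wanted to collect from the switch.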