Re: IPTABLES rule for separating users

On 3/20/11, Bill Davidsen <davidsen@xxxxxxx> wrote:
> James McKenzie wrote:
>> If you want to stop sniffing of the unencrypted traffic, then IPTables
>> IS NOT THE WAY TO GO.  You should either remove the sniffer program or
>> make it so that only users with root capabilities can run it (sudoers
>> should not have the program in it.)
>>>> - Are there any good methods to find/audit for duplicated IP addresses?
>>>> - Are there any good methods to find/audit for duplicated MAC addresses?
>> arp should dump the entire cache.
>>
>> There should be a method to do the same thing for IP addresses?
>>
>> Looks like you have a larger problem than what you are looking at.  If
>> you are a security specialist, then you should know all of the tools you
>> have at your disposal to find and destroy the bad nasties in your own
>> network (hint, if you are running a Linux based router, they are there.)
>>
> I think the problem is that clients see each other's packets and run the
> sniffer on the client. The way to avoid that is to encrypt all packets.
Agreed, in this case IPSec is your friend.  Minimal overhead for
maximum benefit.

> Handing out a 2
> bit subnet from dhcp only helps if the bad guys use it. They generally sniff
> every packet they can see, or at least that has the AP IP address as source
> or dest.
>
> I still think arpwatch is the first tool, but security is not in getting rid
> of bad guys, it's making the good guys paranoid enough to practice safe net.
>
Yep.  Education is very critical for the success of any security plan.
Make the Bad Guys very nervous and the Good Guys equally so.  Make
them aware that it is possible to detect what everyone is up to as
well.  Auditing and scanning are other tools to find out what they are
up to.

James McKenzie
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
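
Added example, not part of the posts above: a small audit over two dumps of the ARP cache in the Linux /proc/net/arp layout, reporting MAC addresses that answer for several IPs and IPs whose MAC changed between dumps (the kind of change arpwatch reports). The two snapshots, the interface name and all addresses are constructed sample data, and the function names are this example's own.

```python
from collections import defaultdict

# Constructed sample dumps in /proc/net/arp layout (not real captures).
HEADER = "IP address       HW type     Flags       HW address            Mask     Device\n"
SNAPSHOT_T0 = HEADER + """\
192.168.1.1      0x1         0x2         00:11:22:33:44:55     *        wlan0
192.168.1.20     0x1         0x2         00:aa:bb:cc:dd:01     *        wlan0
192.168.1.21     0x1         0x2         00:aa:bb:cc:dd:02     *        wlan0
192.168.1.30     0x1         0x0         00:00:00:00:00:00     *        wlan0
"""
SNAPSHOT_T1 = HEADER + """\
192.168.1.1      0x1         0x2         00:AA:BB:CC:DD:02     *        wlan0
192.168.1.20     0x1         0x2         00:aa:bb:cc:dd:01     *        wlan0
192.168.1.21     0x1         0x2         00:aa:bb:cc:dd:02     *        wlan0
"""
ATF_COM = 0x2  # kernel flag: entry is complete (a reply was received)

def parse_arp(text):
    """Return {(device, ip): mac} for complete entries only."""
    entries = {}
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) != 6:
            continue                             # malformed or blank line
        ip, _hwtype, flags, mac, _mask, dev = fields
        if not int(flags, 16) & ATF_COM:
            continue                             # incomplete: no MAC learned yet
        entries[(dev, ip)] = mac.lower()
    return entries

def shared_macs(entries):
    """MACs that answer for more than one IP on the same interface."""
    by_mac = defaultdict(set)
    for (dev, ip), mac in entries.items():
        by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}

def changed_bindings(old, new):
    """IPs present in both dumps whose MAC differs (duplicate IP or spoofing)."""
    return {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}

if __name__ == "__main__":
    t0, t1 = parse_arp(SNAPSHOT_T0), parse_arp(SNAPSHOT_T1)
    for (dev, mac), ips in shared_macs(t1).items():
        print(f"{dev}: {mac} answers for {', '.join(ips)}")
    for (dev, ip), (was, now) in changed_bindings(t0, t1).items():
        print(f"{dev}: {ip} moved from {was} to {now}")
```

A single dump holds one MAC per IP per interface, so a duplicated IP only shows up as a binding that changes between dumps; a MAC with several IPs can also be legitimate (a host with alias addresses, proxy ARP), so treat hits as leads to check.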