Home page logo

basics logo Security Basics mailing list archives

detecting illegally installed gateways
From: J Hein <j.hein () ymail com>
Date: Mon, 17 May 2010 02:18:34 -0700 (PDT)

hi all,

I have a somewhat difficult problem to crack - there is a large corporate network which covers several Nordic 
countries, and unfortunately there have been cases in the past where a device with routing capability has been plugged 
into the network (for creating a "faster" connection to the internet for a branch office). Because this violates 
corporate policies and creates "invisible" entry points to the internal network, I have been given a task to find a 
suitable software for finding such kind of illegal routers.

Are there any good products for detecting illegally installed boxes with a routing capability? One of my fellow 
consultants suggested IP Sonar (by Lumeta) for this purpose which (as he claims) has been successfully used by BT in 
the past. From the product description I've got an impression that IP Sonar cleverly uses traceroute for detecting 
routers that illegally exchange information between internal networks and the internet (so called "network leaks").

I understand that router detection is a complex issue, and in order to address this problem fully, one needs to analyze 
traffic that flows through all key routers and switches in the whole corporate network. Unfortunately, since the 
deployment of such monitoring system takes a lot of time, I'd like to begin with a relatively simple solution which 
attempts to locate network leaks by polling the network from few points only (like IP Sonar does, using traceroute for 
that purpose).

Can anyone recommend any such commercial or open source tools? (open source utilities are my preference :)

Thanks in advance!



Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.


  By Date           By Thread  

Current thread:
  • detecting illegally installed gateways J Hein (May 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]