[Nolug] Catching a worm?

From: Chris Jones <techmaster_at_gmail.com>
Date: Fri, 28 Mar 2008 14:45:20 -0500
Message-ID: <945e1c690803281245t4e4005a6ha16e88e449e90f1e@mail.gmail.com>

I was curious what you guys do when you encounter a client that has a
network worm, but you don't know whose computer has the infection. I have a
client who keeps getting calls from Cox, stating that there is a computer on
their network that is sending out tons of spam. Two months ago at the
meeting we were playing with Cain & Abel, which can do ARP poisoning. And
although it's an amazingly powerful piece of software, it seems to
unfortunately be useful for only black hat hacking (password stealing)...
There's also Ethereal/Wireshark, but it seems to be useless on a switched
network, unless you can find an old crappy hub to put it on, between the
switch and the router. I honestly don't even know if we have a hub anywhere
around here. There are some commercial products out there made for this,
but they seem to start at around $2000. I was just wondering if anybody
knew of anything good that was open source. ARP poisoning would be a nice
feature, but I'm guessing that might only be a feature on the black hat
tools. ;) There are some things like Nessus and Zenoss, but are those just
for SNMP monitoring? They probably won't sniff for worm traffic. I might
look into Untangle and see if it offers that ability...but I figured I'd see
if you guys know of anything else? Thanks!

___________________
Nolug mailing list
nolug@nolug.org
Received on 03/28/08
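One way to answer the question without a hub or ARP tricks is to work from the gateway's own logs: if the router between the switch and the cable modem logs the connections it forwards, the spam bot is the internal host opening SMTP connections to many distinct outside mail servers. The script below is an added example, not code from the original post; the log lines are constructed, in an iptables LOG style, and the field layout and the threshold are assumptions to adjust for a real gateway.

```python
import re
from collections import defaultdict

# Constructed sample of gateway forwarding logs (iptables LOG style, fields
# trimmed). Host .23 fans out to six mail servers, .5 is the site's real mail
# server, .40 sends one message through the ISP smarthost, and one .23 line
# is ordinary web traffic that must not be counted.
SAMPLE_LOG = """\
Mar 28 14:01:02 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 PROTO=TCP SPT=49152 DPT=25
Mar 28 14:01:03 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.11 PROTO=TCP SPT=49153 DPT=25
Mar 28 14:01:03 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.12 PROTO=TCP SPT=49154 DPT=25
Mar 28 14:01:04 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.13 PROTO=TCP SPT=49155 DPT=25
Mar 28 14:01:04 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.14 PROTO=TCP SPT=49156 DPT=25
Mar 28 14:01:05 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.15 PROTO=TCP SPT=49157 DPT=25
Mar 28 14:01:05 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=49158 DPT=80
Mar 28 14:01:06 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=203.0.113.20 PROTO=TCP SPT=40001 DPT=25
Mar 28 14:01:07 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.5 DST=203.0.113.21 PROTO=TCP SPT=40002 DPT=25
Mar 28 14:01:08 gw kernel: FWD IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.50 PROTO=TCP SPT=51000 DPT=25
"""

# Only the fields we need: internal source, external destination, TCP dest port.
LINE_RE = re.compile(
    r"SRC=(?P<src>\d+\.\d+\.\d+\.\d+) DST=(?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"PROTO=TCP .*DPT=(?P<dpt>\d+)"
)


def smtp_fanout(log_text):
    """Map each internal source IP to the set of outside hosts it reached on TCP/25."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("dpt") == "25":
            fanout[m.group("src")].add(m.group("dst"))
    return fanout


def suspect_hosts(log_text, allowed_smtp_hosts=(), min_distinct_dst=5):
    """Rank internal hosts that talk SMTP to many distinct mail servers.

    Legitimate mail servers are excluded by IP; a single workstation sending
    through one smarthost never reaches the threshold. Highest fan-out first.
    """
    fanout = smtp_fanout(log_text)
    hits = [(src, len(dsts)) for src, dsts in fanout.items()
            if src not in allowed_smtp_hosts and len(dsts) >= min_distinct_dst]
    return sorted(hits, key=lambda hit: (-hit[1], hit[0]))


if __name__ == "__main__":
    for src, count in suspect_hosts(SAMPLE_LOG, allowed_smtp_hosts=("192.168.1.5",)):
        print(f"{src}: SMTP connections to {count} distinct mail servers")
```

Tie the flagged IP to a MAC address with the switch's forwarding table or the gateway's ARP cache to find the physical port and machine.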
