|
|
Security Basics
Comparing hosts on a network to text file Aug 07 2012 02:37PM Morris, Andi (amorris cardiffmet ac uk) (4 replies) RE: Comparing hosts on a network to text file Aug 09 2012 10:35PM Simon Thornton (simon thornton info) (1 replies) RE: Comparing hosts on a network to text file Aug 10 2012 02:47PM Mike Saldivar (Mike Saldivar usurf usu edu) RE: Comparing hosts on a network to text file Aug 09 2012 07:53AM Demetris Papapetrou (dpapapetrou internalaudit gov cy) (1 replies) RE: Comparing hosts on a network to text file Aug 10 2012 04:13PM Steve Steiner (seswho704 comcast net) Re: Comparing hosts on a network to text file Aug 07 2012 05:33PM Johannes Truschnigg (johannes truschnigg info) |
|
Privacy Statement |
You could create a database of the known and compare separate tables of the current active, leaving the results of any not listed in the known.
Respectfully,
Dave Kleiman - http://www.ComputerForensicsLLC.com - http://www.computerforensicsexpertwitnesses.com/
4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Morris, Andi
Sent: Tuesday, August 07, 2012 10:38
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Comparing hosts on a network to text file
Hi all,
Iâ??m looking to create a script, or use something already in existence to scan a network for hosts, returning the mac addresses active on the network. The script should then compare the mac addresses discovered to a prepopulated text file and somehow notify me of any discrepancy.
Iâ??d imagine nmap would be the tool Iâ??m after.
The scenario is:
I have a network that has a filled DHCP scope.
When a user registers a device with us we assign them an IP address on the Windows DHCP server.
We are trying to avoid users manually giving themselves an IP address from this range and gaining access.
My plan was to have a script poll the network every â??nâ?? minutes to compare the mac addresses on the network to those that we have reserved IPs for and to email the details of any rogue clients to a designated mailbox .
Does this sound feasible and does anyone know of a tool that would already exist for this before I spend hours learning and configuring nmap (not time badly spent I admit).
Cheers,
Andi
---------------------------------------------------------------
Andi Morris
Technical Security Analyst
Systems and Communications Services
Information Services Division
Cardiff Metropolitan University
Cardiff
Wales
CF5 2YB
02920 205720
--------------------------------------------------------------
________________________________
From 1st November 2011 UWIC changed its title to Cardiff Metropolitan University. From the 6th December 2011, as part of this change, all email addresses which included @uwic.ac.uk have changed to @cardiffmet.ac.uk. All emails sent from Cardiff Metropolitan University will now be sent from the new @cardiffmet.ac.uk address. Please could you ensure that all of your contact records and databases are updated to reflect this change. Further information can be found on the website here.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
Ar Dachwedd y 1af 2011 newidiodd UWIC ei henw i Brifysgol Fetropolitan Caerdydd. O Ragfyr 6ed, fel rhan o'r newid yma, bydd pob cyfeiriad e-bost sy'n cynnwys @uwic.ac.uk yn newid i @cardiffmet.ac.uk. Bydd yr holl ebyst a ddanfonir o Brifysgol Fetropolitan Caerdydd yn cael eu danfon oâ??r cyfeiriad @cardiffmet.ac.uk newydd. Gwnewch yn siwr eich bod yn diweddaru eich cofnodion cyswllt a'ch cronfeydd data i adlewyrchu hyn. Gellir cael rhagor o wybodaeth ar y wefan yma.<http://www3.uwic.ac.uk/English/News/Pages/UWIC-Name-Change.aspx>
[ reply ]