Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog



More on hunting rogue access points

Published: 2005-10-11
Last Updated: 2005-10-11 15:04:28 UTC
by Jim Clausing (Version: 3)
If you haven't read Kevin Liston's story from Friday on his adventures hunting down rogue access points, please go read it. I have to mention one other resource: if it comes to your area, check out the SANS Stay Sharp Program: Defeating Rogue Access Points class. I had the opportunity to teach it in June and it does an excellent job of covering the fundamentals of how to track down these rogues in your environment.

------------------
Jim Clausing, jclausing/at/isc.sans.org  and http://handlers.sans.org/jclausing/

DHCP OS Fingerprinting

Published: 2005-10-09
Last Updated: 2005-10-09 22:34:12 UTC
by Jim Clausing (Version: 2)
Since it was another pretty quiet day, I was looking back through some old notes to see if I could come up with some diary material. I read this article in SysAdmin magazine in February. It got me thinking about how we track/manage the machines on our networks, especially the user machines. The project at Kansas looks pretty interesting, but I was wondering if any of you, our loyal readers, had any experience with this or other similar tools and would be willing to share your experiences. Send your experiences to me and I'll summarize the responses in my next diary (right now, I'm signed up for 6 Nov) and on my handler page.


---------------------------
Jim Clausing, jclausing /at/ isc.sans.org

What I'm reading today

Published: 2005-10-09
Last Updated: 2005-10-09 22:13:51 UTC
by Jim Clausing (Version: 1)
Another thing I like to do when I have a quiet shift is to mention the security book I'm reading and see if any of you have other suggestions. Just this afternoon, I finally started reading one of the books I've had sitting on my desk for a couple of months, but just hadn't gotten to. This one is File System Forensics (ISBN 0-32-126817-2) by Brian Carrier (of TASK/Sleuthkit and Autopsy fame). I had the privilege of meeting Brian at a SANS conference when he was still a grad student, just after he released the first version of TCTUTILS, though I'm sure he won't remember me. So far, it looks like it will be an excellent addition to the other forensic books on my bookshelf. I'll let you know for sure during my next shift.

----------------------
Jim Clausing, jclausing /at/ isc.sans.org, also see http://handlers.sans.org/jclausing/