[27226] in resnet
Re: Anyone know of a tool that....
daemon@ATHENA.MIT.EDU (Chris Davis)
Wed Feb 1 08:02:07 2012
Content-Language: en-US
Content-Type: multipart/alternative; boundary="_000_AFF7E56B606814458FDD7379332233491C61FF39SVEXCMB01princi_"
MIME-Version: 1.0
Message-ID: <AFF7E56B606814458FDD7379332233491C61FF39@SV-EXCMB-01.principia.local>
Date: Thu, 26 Jan 2012 22:51:17 +0000
Reply-To: Resnet Forum <RESNET-L@listserv.nd.edu>
From: Chris Davis <Chris.Davis@PRIN.EDU>
To: RESNET-L@listserv.nd.edu
In-Reply-To: <AFF7E56B606814458FDD7379332233491C61A9AB@SV-EXCMB-01.principia.local>
--_000_AFF7E56B606814458FDD7379332233491C61FF39SVEXCMB01princi_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Thanks for all the replies. I probably should have been a bit more accurat=
e in the description of what I'm trying to do. I am remote to the site in =
question. So I have to use a tool that scans out over our wan link to the =
desired site and then probes the wireless subnet. So I can't use a wireless=
scanning solution. Pity that, because it probably has the best chance of =
doing what I wanted, but possibly not.
Our wireless network is a large flat beast, spread across the whole campus =
consisting of a class B subnet and consisting of around 200 or 220 WAPs. N=
othing I've tried seems to work. So far. I believe someone pointed me to =
a Mac based tool that I haven't tried yet. We'll have to see. I searched =
and found someone wrote up a way to get the data from nmap, but it doesn't =
seem to be working for me.
One of my firewalls is constantly reporting half scan attacks from differen=
t IP addresses to the tune of between 10s and hundreds per day. Seems like=
when I get a number of these errors, I get the SYN attack warning, and the=
n usually within 10 minutes, I get notification that there is no longer a S=
YN attack occurring. When I go in manually and look at these addresses, th=
ey have always been iPhones, iPods, iPod touches, etc. I'd really like a w=
ay to scan a list and compare it when the errors roll in. I'll update if a=
nything changes.
Thanks.
Chris
___________________________________________________
You are subscribed to the ResNet-L mailing list.
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_AFF7E56B606814458FDD7379332233491C61FF39SVEXCMB01princi_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=
//www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3D"Generator" content=3D"Microsoft Word 12 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Papyrus;
panose-1:3 7 5 2 6 5 2 3 2 5;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal;
font-family:Papyrus;
color:windowtext;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:Papyrus;
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"purple">
<div class=3D"WordSection1">
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#1F497D">Thank=
s for all the replies. I probably should have been a bit more accurat=
e in the description of what I’m trying to do. I am remote to t=
he site in question. So I have to use a tool that scans
out over our wan link to the desired site and then probes the wireless sub=
net. So I can’t use a wireless scanning solution. Pity that, be=
cause it probably has the best chance of doing what I wanted, but possibly =
not.
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#1F497D"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#1F497D">Our w=
ireless network is a large flat beast, spread across the whole campus consi=
sting of a class B subnet and consisting of around 200 or 220 WAPs. N=
othing I’ve tried seems to work. So far.
I believe someone pointed me to a Mac based tool that I haven’t trie=
d yet. We’ll have to see. I searched and found someone wr=
ote up a way to get the data from nmap, but it doesn’t seem to be wor=
king for me.
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#1F497D"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#1F497D">One o=
f my firewalls is constantly reporting half scan attacks from different IP =
addresses to the tune of between 10s and hundreds per day. Seems like=
when I get a number of these errors, I get
the SYN attack warning, and then usually within 10 minutes, I get notifica=
tion that there is no longer a SYN attack occurring. When I go in man=
ually and look at these addresses, they have always been iPhones, iPods, iP=
od touches, etc. I’d really like a way
to scan a list and compare it when the errors roll in. I’ll up=
date if anything changes.
<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#1F497D"><o:p>=
</o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#1F497D">Thank=
s.<o:p></o:p></span></p>
<p class=3D"MsoNormal"><span style=3D"font-size:12.0pt;color:#1F497D">Chris=
<o:p></o:p></span></p>
</div>
</body>
</html>
___________________________________________________
You are subscribed to the ResNet-L mailing list.
<p>
To subscribe, unsubscribe or search the archives,
go to http://LISTSERV.ND.EDU/archives/resnet-l.html
___________________________________________________
--_000_AFF7E56B606814458FDD7379332233491C61FF39SVEXCMB01princi_--
