Is there anything even close to Cisco WCS when it comes to wireless IDS/IPS solutions? I'm looking for something I can use for home based traffic monitoring and attack reporting.
I may have been spoiled by the tools I've used at work... Any help would be greatly appreciated.
My employer has assigned me with the task of picking our new hardware demo laptops. The requirements are:
1) 1 or preferably 2 free Mini-PCI slots
2) 14 or smaller screen
3) Standard 4GB of ram (or upgradable to that)
4) Enough Umph to decode H.264/DivX without pausing
5) Least costly...
I have all three of those... They were obtained because they were:
A) Free. My employer paid
B) Easy stepping stones to CCNA, CISSP, MCSE
I'm laughing at this because I got them years ago and don't even have them on my resume now.
If it matters at all to you. I suggest using something...
We don't use it... We are CIDRed 10. and still have many years of IPs left.
Don't know anyone using it.
Can't really see a business case for using it. (Public IPs for phones? Why?)
It takes us roughly 30 minutes to grab data and nuke.
Then again, we have thousands of man hours into Altiris and carefully managed write access, *shrug*
It all goes back to planning versus reacting.
Can't for the life of me figure out why y'all fight the reload so hard.
I like the three step program::)
1) Move data
2) Identify
3) Zero and re-image
Step two is just there so the patches stay up-to-date.
I can't tell you how many hours I've saved by just nuking the shit from...
I don't know:
I worked at Apple's Fountain, Colorado location for a couple years. Must have fixed every possible problem you would ever see in a 5000 series macbook... They closed the plant in 1995.
Then I worked for DEC building and testing SCSI arrays / Alpha workstations. DEC went tits-up...
First:
There are no "steady, secure jobs" in any technical field except medicine.
Second:
Every admin worth a crap has spent a couple years (more like five) working various levels of helldesk. It refines your ID10T detector and provides a knowledge base that you can't get anywhere else.
Boot to a linux live cd.
Create a disk image using your favorite VM.
Write zeros to every physical disk in the system using DD.
Re-Install windows.
Update the crap out of it. (No flash, no java, no acrobat, no shockwave, no office)
Install your favorite anti-crapware
Update...
I would have sworn I tried escaping those with a "\" for the prompt definition.
I guess I didn't because I just tried it again and it worked.
I had stared at that for so long that I had y/n burned on my eyeballs. Thank you.
I'm having a script die on a cisco wireless device when the prompt changes to:
Are you sure you wish to start? (y/n)
Yes, I've tried just printing a Y to the session. Didn't work.
I need a regular expression that matches the whole string.
Anybody good enough to write me a regex...
The simple solution would be a wireless bridge but you need line of sight and clean radio spectrum.
The less simple solution (but better in the long run) would be a pair of fiber links taking different routes to the building.
What kind of budget have you got?
How cheap ass do you have to be to use a half-duplex 10-BT cable in a world of GigE and PoE? Why didn't they just use a phone handset connector and save some space?
Oh that's right, 4 pin plugs cost more than RJ45 these days...
I mean seriously... damn.
The only real downfall to dynamips is the fact that it won't allow you to emulate complex switching.
... That's really only a concern for things like STP, VTP as far as CCNA goes and you can get enough from books and other switch sims to cover those holes. Then there's the WLAN problem that...
monitor session on everything but consumer level switches == MANY source ports to ONE destination port. (umm that would kinda be the definition of "monitoring traffic")
On a 6500/7500 you can monitor until you run out of ports. You just can't have a source port as part of a destination port...
Bzzt.
I'm pretty sure that I've monitored like 30 some ports with no trouble...
Yes, my monitor port was choking pretty good. ;)
Hell, we've done wholesale monitoring at the core by dumping certain types into its own vlan, sniffing across an IP-less bridge and dumping it back onto the...
Right click the item in device manager and click properties.
Click the details tab
In the drop down menu select device instance ID
Post the long ass string that will be in the big window.
Our solution was 1240s with the Cisco WLCs and location appliance.
We run the Cisco supplicant on every device we can shoe-horn it on. This was helped by the fact that most of our legacy stuff wouldn't do WPA2. For radius we run triple A.
Works nicely... Except for the rare occasion when...
Set up a monitoring port and do a sniff.
Look at the flows timeline during the spike and go look at the cap to find the culprit.
Could be a fragmentation storm. STP freaking out. Somebody smurfing off the back side of your setup... heck. Anything.
Get wireshark and find out.
You've probably got a neighbor stomping on your signal.
A: turn on WPA and use it.
B: Find a better access point and put a couple of 6 dB antennas on it.
Other than that, you could always get powerline ethernet or go for the gusto and get wired gigabit.
What kind of a nimrod leaves net send enabled in a school?
The admin should be fricking ashamed of himself.
Aside from that. Suspension? Kind of silly for a "punishment." What they should have done is put you in a nice bright orange reflective vest and made you clean trash off the campus...
Meh, brass rods rolled up into magazines? Not my cup-o-tea. Somebody will get their ass killed.
A good 5 minute bare knuckle randori though. Now that... that's like touching the face of god.
Especially if you don't have to tap out.
I'm not thinking about mac authentication...
Monitor mode APs use MAC caching during the rogue detection process. It gives you accurate info on which rogues are internal and which are external.
(Kinda like when the old WDS APs would allow you to roam without re-authenticating)
I'm just...
We've got two controllers that are part of the same mobility group and on the same VLANs.
Will one monitor mode AP do MAC checking for both the controllers?
paint.net does just about everything I need and acrobat is too bloated to even bother with...
Adobe can put whatever ungodly EULA they want in their crapware. Don't care.
Yes and yes.
Problem is, we discovered the group bridge issue during a Sunday morning ship cycle.
The down time to convert back to autonomous and prop things up was enough to kill my credibility. The project is stalled with nobody trusting me to do anything... He offered to come back and...
Last week was a nightmare. We had a consultant that was there to basically call TAC and regurgitate their solutions.
Problem one: Older APs do not like to give up their autonomy. The cert generation process gets the date stamps wrong unless you take the UTC offset out of WCS and lie about...
Had been looking at the ds3l...
I was kinda hoping not to buy something with a F#@!%g parallel port. (I haven't used a parallel interface in 10 years)
... and why MUST I buy something with onboard sound ... Damn it!
You can't get a decent motherboard anymore.
I think I'll go...
Needs an Intel chipset, stable high-FSB support, good VRM, solid caps, vista stable audio, and a single PCIE 16x slot.
Don't want Wi-Fi.
Don't want firewire.
Dont need more than one USB root hub.
Gig-e would be nice but not required.
Don't care about RAID.
I'm fine with using a SATA...