Tools that Work…
…At Umass-Amherst
Scott F. Conti
Network Operations Manager
[email protected]
Copyright 2001 - Scott Conti
UMASS-Amherst Network Vital Statistics
Class B network (umass.edu - 128.119)
142 buildings
All 42 Residential buildings networked
8800 Residence hall connections (port-per-pillow)
5500 Academic building connections
900- Cisco 24 port Switches (1900 and 2900 series)
5 Cisco 6509 core switches, 2 Cisco 5500 switches
600 Off-campus dial-in modem lines
(2) DS-3 (45 Mb/s) commodity Internet connections
DS-3 - Internet2 connection
How do we find the port?
Look up IP address in DHCP server logs
Search switches for MAC address in switch CAM tables
Look up jack activation record in Remedy database
jacktrack database
Netreg database (students)
Verify correct jack
Check email logs if necessary
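Added example (not from the original slides and not UMass's quickfind script): the lookup chain above as a small Python sketch, including two details that matter in practice: picking the DHCP lease that was active at the time of the incident, and ignoring uplink ports when searching CAM tables. All addresses, switch names, the flattened CAM export and the jack table are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed sample data, not from the slides. Lease text follows the ISC
# dhcpd.leases layout; dhcpd records these times in UTC by default.
LEASES = """
lease 192.0.2.198 {
  starts 5 1999/12/03 09:00:00;
  ends 3 1999/12/08 09:00:00;
  hardware ethernet 00:00:5e:00:53:01;
}
lease 192.0.2.198 {
  starts 4 1999/12/09 15:59:06;
  ends 2 1999/12/14 15:59:06;
  hardware ethernet 00:00:5e:00:53:69;
}
"""
# Hypothetical flattened CAM export: (switch, port, MAC).
CAM = [("sw-a", 21, "00:00:5e:00:53:69"), ("sw-a", 26, "00:00:5e:00:53:01"),
       ("sw-b", 26, "00:00:5e:00:53:69"), ("sw-b", 13, "00:00:5e:00:53:01")]
UPLINKS = {25, 26, 27}  # uplink ports learn every downstream MAC, so skip them
JACKS = {("sw-a", 21): "HAML 427, jack 4-1-21 C",
         ("sw-b", 13): "HAML 427, jack 4-1-21 D"}
LEASE_RE = re.compile(r"lease (\S+) \{\s*starts \d (\S+ \S+);\s*ends \d (\S+ \S+);"
                      r"\s*hardware ethernet ([0-9a-f:]+);", re.I)
FMT = "%Y/%m/%d %H:%M:%S"

def mac_at(ip, when, text=LEASES):
    """Return the MAC that held `ip` at time `when`, or None if no lease did."""
    for lease_ip, start, end, mac in LEASE_RE.findall(text):
        if (lease_ip == ip and
                datetime.strptime(start, FMT) <= when < datetime.strptime(end, FMT)):
            return mac.lower()
    return None

def access_ports(mac, cam=CAM):
    """Edge ports where `mac` was learned, ignoring uplinks."""
    return [(sw, port) for sw, port, m in cam
            if m.lower() == mac.lower() and port not in UPLINKS]

def find_port(ip, when):
    """IP + incident time -> MAC -> edge port(s) -> jack record."""
    mac = mac_at(ip, when)
    if mac is None:
        return None
    # More than one edge port means a stale entry, a moved host, or a cloned
    # MAC: return them all so the jack can be verified by hand.
    return [(sw, port, JACKS.get((sw, port), "no jack record"))
            for sw, port in access_ports(mac)]
```

Calling `find_port("192.0.2.198", datetime(1999, 12, 10, 12, 0))` resolves to the single edge port on sw-a; the same IP a week earlier resolves to a different MAC and jack.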
Remedy Jacktrack system
The Remedy AR (Action Request) system is used to manage all aspects of jack activation for administrative jacks.
Activates switch ports immediately, or sends request to Cable Engineering for crosswiring.
Supports database lookups on any identifying field.
Provides real-time statistics on request processing.
Allows movement of workflow through multiple departments.
Network Services Remedy Screen
Remedy Jacktrack Schema
# ./quickfind 128.119.123.198
searching for haml-198.res.umass.edu. (128.119.123.198)
Enet address for 128.119.123.198: 00:e0:98:02:4c:69
Checking if haml-198.res.umass.edu. is operating....host IS operating.
19XX, ignoring ports 25(AUI), 26(A), 27(B):
00:e0:98:02:4c:69 found on haml-sw-210-1, 21
getting room number from OIT/NSS Jack Tracking 000000000013649...
Building and Room: HAML 427
===========================================================
1 Building       : HAML
10 Switch Port   : 21
2 Room Number    : 427
3 Jack Number    : 4-1-21
4 Jack Letter    : C
5 Last Name      : TUTHILL
6 First Name     : RICK
7 Phone Number   : 5-9726
8 UMAccess acct  : tuthill
9 Name           : haml-sw-210-1
===========================================================
1 Building       : HAML
10 Switch Port   : 13
2 Room Number    : 427
3 Jack Number    : 4-1-21
4 Jack Letter    : D
5 Last Name      : MISRA
6 First Name     : CHRISTOPHER
7 Phone Number   : 5-9721
8 UMAccess acct  : crispy
9 Name           : haml-sw-210-4
===========================================================
IP address  : 128.119.123.198
Enet address: 00:e0:98:02:4c:69
Lease Starts: 1999/12/09 15:59:06;
Lease Ends  : 1999/12/14 15:59:06;
Lease Client: "Mole";
#
Netreg
Developed by Southwestern University
http://www.southwestern.edu/ITS/netreg/
Works by issuing a temporary “non-routable” DHCP lease until the user registers the MAC address of the machine.
Spoofs all DNS queries to registration server.
Once registered, user can obtain a normal DHCP-issued IP address.
Netreg - Subnet Overview
Netreg – Subnet Details
Netreg - Lease Information
Netreg – User Information
Systool
Systool is a web front end that runs Perl scripts that parse the Cisco log files.
Router Tool – queries router logs.
Dialup Tool – queries AS5800 Access Server dial-in logs.
Systool – Router Tool Query
Systool – Router Tool
Systool – Router Tool Top Ten
Honeypot systems
A honeypot system is a deception tool that allows a cracker to attack a “vulnerable system”.
The system can be a “real” or a “virtual” machine (straight Linux or UML).
An intrusion detection system sits nearby and logs hacking attempts.
At UMass we move our honeypot around to different subnets.
Check out http://project.honeynet.org
Incident Database - Console
Incident Database – Query
Trend – Top Talkers
“The Packet of Shame”
Thank You!
Scott F. Conti
University of Massachusetts-Amherst
[email protected]
413-545-9625
SANS ECN – Emergency Communications Network!
If you are an amateur radio operator and interested in participating in the SANS Emergency Communications Network project, please talk to me at the break or send me email at:
[email protected]