[unisog] Automated vulnerability tests upon host to network attachment

Gary Flynn flynngn at jmu.edu
Thu May 15 00:52:58 GMT 2003

John Kristoff wrote:

>Is anyone doing or aware of someone doing automated vulnerability tests
>on hosts as they attach to the network.  So for example, as soon as a
>host comes online and causes an ARP entry to be created in the first hop
>router, a monitor process which watches the ARP table kicks off a job to
>automatically scan the newly connected host for something like the top
>10 SANS vulnerabilities, generating the necessary report/alert to an

No, but I like the idea. :)

>There are some potential issues regarding faked ARP/IP entries, 

Also, a machine arps early in its boot process. The scan should delay
some before starting to make sure all services are started. Another
consideration is that many systems are built in sequences. So it may be
a matter of minutes, hours, or days until all the listening services
are started.

Might make a good cracking tool though. Get'em before they're patched
or default services are shut down. :)
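
The idea discussed in this thread, as an added example (not code from either poster): a scheduler that takes successive ARP-table snapshots, queues a scan for each newly seen host after a delay and again later, and flags an IP whose MAC changes between snapshots. The snapshot format, the delays and all names are assumptions; running the scan itself is left to whatever scanner the site uses.

```python
import heapq

# Assumed delays (seconds) after first sighting: 2 minutes, 1 hour, 1 day.
RESCAN_DELAYS = (120, 3600, 86400)

def parse_snapshot(text):
    """Parse constructed 'ip mac' lines into (ip, mac) pairs, lower-casing the MAC."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2:
            pairs.append((fields[0], fields[1].lower()))
    return pairs

class AttachMonitor:
    def __init__(self, delays=RESCAN_DELAYS):
        self.delays = delays
        self.bindings = {}   # ip -> mac last seen
        self.queue = []      # heap of (due_time, ip, mac)
        self.alerts = []     # (time, ip, old_mac, new_mac)

    def observe(self, now, pairs):
        """Record a snapshot; queue delayed scans for new or changed bindings."""
        for ip, mac in pairs:
            old = self.bindings.get(ip)
            if old == mac:
                continue
            if old is not None:
                # Same IP, different MAC: re-addressing or a faked ARP entry.
                self.alerts.append((now, ip, old, mac))
            self.bindings[ip] = mac
            for delay in self.delays:
                heapq.heappush(self.queue, (now + delay, ip, mac))

    def due(self, now):
        """Return scan jobs whose delay has passed and whose binding still holds."""
        jobs = []
        while self.queue and self.queue[0][0] <= now:
            _, ip, mac = heapq.heappop(self.queue)
            if self.bindings.get(ip) == mac:
                jobs.append((ip, mac))
        return jobs

# Constructed sample snapshots (documentation addresses, made-up MACs).
SNAP_1 = "192.0.2.10 AA:BB:CC:00:00:01\n192.0.2.11 AA:BB:CC:00:00:02\n"
SNAP_2 = "192.0.2.10 AA:BB:CC:00:00:01\n192.0.2.11 AA:BB:CC:00:00:03\n"
```

Jobs queued for a binding that has since changed are dropped rather than scanned, so a stale entry never sends the scan to the wrong machine.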
