[unisog] Ciscoworks database dump -- WAS: [RE: DMCA notices..]

Michael Holstein michael.holstein at csuohio.edu
Thu Nov 9 16:03:48 GMT 2006

Found it ..


you're looking for the 'cwinvcreport' command. It appears the latest 
version also allows you to email it (older one didn't .. thus I used 
BLAT to do that).

Just set it as a scheduled task to run ~15min or so after you tell 
Ciscoworks to do a discovery (depending of course on how long your 
environment takes to do a complete discovery .. we do it every 4hrs and 
it takes ~10min to run).

Again .. if anyone wants the perlscripts I wrote to stick that into 
MySQL (it imports most of the fields you'd want .. you can tweak to your 
own specs) and the MySQL schema .. hit me off-list.


Michael Holstein CISSP GCIA
Cleveland State University

David Lundy wrote:
> All:
>      I've thought about collecting information from CiscoWorks to keep
> track of our DHCP assignments to do historical tracking, but have do not
> have information on how to extract this information automatically on a
> scheduled basis.  If someone else is doing scheduled data extraction
> from CiscoWorks, I'd appreciate information on how you are doing this.
> David Lundy
> ----
> David Lundy
> Acting IT Security Officer
> University of the Pacific
> Stockton, CA 95211
> Email: dlundy at pacific.edu
> Voice: 209-946-3951
> Fax: 209-946-2898
>>>> Stephen C Woods <scw at seas.ucla.edu> 11/08/06 1:00 PM >>>
>   As a general case you should keep a list of IP + mac + last time
> this
> combo was seen:
> 00:0d:56:12:4e:6e 200611081211  YYYYMMDDHHmm
> 00:14:38:9f:dc:41 200607101207
>     Note: gathering IP/MAC pairs (sort -u is usefull here)
> and process them hourly is probably sufficent.   It helps to have
> a single router, otherwise you need to do some 'clever' filtering.
> <scw>
> On Wed, Nov 08, 2006 at 03:57:23PM -0500, George C. Russ wrote:
>> arp cache on routers will tell you. keep a history. cattools.
>> George
>> -----Original Message-----
>> From: unisog-bounces at lists.dshield.org 
>> [mailto:unisog-bounces at lists.dshield.org] On Behalf Of Dave Dittrich
>> Sent: Tuesday, October 31, 2006 12:07 PM
>> To: UNIversity Security Operations Group
>> Subject: Re: [unisog] another round of bogus DMCA notices
>> Michael Holstein wrote:
>>> I know this has happened several times in the past, but today I got
> a 
>>> round of DMCA notices for non-existent IP addresses.
>>> Is anybody saving these and their supporting evidence (that
> they're
>> bogus)?
>> What do you mean by "bogus" or "non-existent?"  If the IP addresses
>> are valid within your netblocks, but are just not active at the time
>> you look (or you are just doing "ping IP-ADDRESS" to verify, I
>> would assume some clever miscreant has simply decided to start
>> doing short-lived IP aliasing, firewalling, or something else
>> designed to make verification of piracy harder.  You may have
>> to start logging traffic across your border to verify the claim.
>> -- 
>> Dave Dittrich                          Information Assurance
> Researcher,
>> dittrich at u.washington.edu              The iSchool
>> http://staff.washington.edu/dittrich   University of Washington
>> PGP key      http://staff.washington.edu/dittrich/pgpkey.txt 
>> Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org 
>> https://lists.sans.org/mailman/listinfo/unisog 
>> _______________________________________________
>> unisog mailing list
>> unisog at lists.dshield.org 
>> https://lists.sans.org/mailman/listinfo/unisog 

More information about the unisog mailing list