Tuesday, November 1, 2005

Find Rogue Shares

Iron Geek has an article about finding rogue shares within your network. The idea is aimed more at the corporate network rather than the home network. IG used Windows-based tools but you can gain similar capabilities with *nix-based tools. With a bit of Perl, you can tie MySQL to nbtscan, nmblookup, and smbclient to get (and maintain) a pretty good picture of your network. With a bit more Perl coding, you can watch for unauthorized systems being plugged into your network and, depending on the OS employed, you can even grab MAC addresses remotely (yes, from outside of the local network segment).

I still have some of the scripts laying around here. If anyone wants 'em, let me know. The majority of them are just wrappers for the tools named above, most of 'em aren't pretty.