(RADIATOR) Fwd: UserTracking 2

Hugh Irvine hugh at open.com.au
Wed Jan 17 04:42:13 CST 2007


Hello Everyone -

Fred has kindly asked me to post this to the mailing list.

regards

Hugh



Hi,

It has been a while since I participated in this mailing list as I've  
been
on a client's site for nearly two years (!) while not having anything to
do with 802.1x or UserTracking. However, because UserTracking is still
in use on some sites I've decided (also instigated by SURFnet and Klaas
Wierenga:) to make a new release of UserTracking.

For those of you that have joined this list after I posted on here,
UserTracking 2 is a forensics tool for organisations that use 802.1x
network authentication. As you may be aware, unless you use tricks
(like UserTracking, but also other infrastructural tricks are usefull),
802.1x is layer 2, while most forensics deal with layer 3 (eg. 'Who
used this IP address on this day and time to go to such and so
website to do naughty things?').

802.1x gives us a pretty strong tool to audit network traffic at layer
2 and link all sorts of layer 2 traffic to a certain individual.  
UserTracking
gives us a tool to connect Layer 2 and Layer 3 however.

You are encouraged to try out the demo site I've set up on http:// 
usertracking.3dn.nl
(log in as user 'admin', password 'initial') and please log any bugs/ 
questions etc.
on http://uitwisselplatform.nl/projects/usertracking2. You can also  
download the
just released source from here if you are curious, and you can  
contact me if you
are having installation issues (this is still a pre-alpha release:)

UserTracking 2, while being a pre-alpha release, is already much more  
reliable
than UserTracking has ever been so don't be frightened by it being  
'pre-alpha'
software as this is mostly the case because of the lack of  
documentation, the
lack of my own 802.1x network at this time and still wanting to  
implement some
new features before going to beta.

Regards,
Fred Leeflang



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list