IDS mailing list archives
Arpwatch Config Question
From: <cschooley () optivel com>
Date: 15 Apr 2005 22:52:37 -0000
We are running Debian Linux Woody on our IDS system that has Arpwatch installed. It is monitoring our whole network. We have a set range of IP addresses that we use when new computers come in that we can put a standard image on and then change the IP to a production IP when it is deployed. So, every time a new machine comes on the network that has been imaged and then has its IP changed to another IP address, I get multiple messages from Arpwatch. Is there a way to add an argument into the arpwatch.conf file to ignore that specific range of IP addresses? I had found a command line switch of -z iprange, but that was only available for version Sarge. Any ideas on this one? Thanks!