IDS mailing list archives
RE: Scan for "outsider" Pcs on network
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 10 Mar 2006 05:21:12 +1100
Hi Arpwatch will not help in many network designs. It does not span switches so you need to open the port to promiscuious mode. In larger switches this requires a faster port to be used (ie 1gb when the network is generally 100mb). Also a connection is needed for each switch and segment. In large and geographically distributed networks this become prohibitive very quickly. In small hub based collision domains this is a good product, but this situation is becoming rare even in home networks. Next it is possible to configure a "sniffer" host to watch a collision domain without having been assigned a MAC address and arp watch is useless in this senario. Regards Craig -----Original Message----- From: Mircea MITU [mailto:mmitu () bitdefender com] Sent: Mon 6/03/2006 9:15 PM To: dhamm () jackofallgames com; focus-ids () securityfocus com Cc: Subject: Re: Scan for "outsider" Pcs on network On Thu, 2006-03-02 at 23:47 +0000, dhamm () jackofallgames com wrote:
Is there a way to setup a scan and be notified of an intruding pc that is physically plugged into the network?
Sure, use arpwatch. -- This message was scanned for spam and viruses by BitDefender. For more information please visit http://www.bitdefender.com/ Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within those States and Territories of Australia where such legislation exists. DISCLAIMER The information contained in this email and any attachments is confidential. If you are not the intended recipient, you must not use or disclose the information. If you have received this email in error, please inform us promptly by reply email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. Any views expressed in this message are those of the individual sender. You may not rely on this message as advice unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by a Partner of BDO. BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, interception, corruption or unauthorised access.
Current thread:
- Scan for "outsider" Pcs on network dhamm (Mar 03)
- Re: Scan for "outsider" Pcs on network Mircea MITU (Mar 09)
- Re: Scan for "outsider" Pcs on network Ron Gula (Mar 11)
- Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 14)
- Re: Scan for "outsider" Pcs on network Ron Gula (Mar 11)
- Re: Scan for "outsider" Pcs on network Alice Bryson (Mar 14)
- Re: Scan for "outsider" Pcs on network Kurt Buff (Mar 20)
- Re: Scan for "outsider" Pcs on network Jean-Philippe Luiggi (Mar 21)
- <Possible follow-ups>
- RE: Scan for "outsider" Pcs on network Craig Wright (Mar 11)
- Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 17)
- Re: Scan for "outsider" Pcs on network auto62996 (Mar 20)
- RE: Scan for "outsider" Pcs on network Craig Wright (Mar 21)
- Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 27)
- Re: Scan for "outsider" Pcs on network auto62996 (Mar 30)
- Re: Scan for "outsider" Pcs on network Mircea MITU (Mar 09)