IDS mailing list archives

RE: Scan for "outsider" Pcs on network

From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 10 Mar 2006 05:21:12 +1100


Hi
Arpwatch will not help in many network designs. It does not span switches so you need to open the port to promiscuious 
mode. In larger switches this requires a faster port to be used (ie 1gb when the network is generally 100mb).
 
Also a connection is needed for each switch and segment. In large and geographically distributed networks this become 
prohibitive very quickly.
 
In small hub based collision domains this is a good product, but this situation is becoming rare even in home networks.
 
Next it is possible to configure a "sniffer" host to watch a collision domain without having been assigned a MAC 
address and arp watch is useless in this senario.
 
Regards
Craig

        -----Original Message----- 
        From: Mircea MITU [mailto:mmitu () bitdefender com] 
        Sent: Mon 6/03/2006 9:15 PM 
        To: dhamm () jackofallgames com; focus-ids () securityfocus com 
        Cc: 
        Subject: Re: Scan for "outsider" Pcs on network
        
        
On Thu, 2006-03-02 at 23:47 +0000, dhamm () jackofallgames com wrote:

Is there a way to setup a scan and be notified of an intruding pc that
is physically plugged into the network?


Sure, use arpwatch.




--
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/




Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy.  

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

Current thread:

Scan for "outsider" Pcs on network dhamm (Mar 03)
- Re: Scan for "outsider" Pcs on network Mircea MITU (Mar 09)
  - Re: Scan for "outsider" Pcs on network Ron Gula (Mar 11)
    - Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 14)
- Re: Scan for "outsider" Pcs on network Alice Bryson (Mar 14)
- Re: Scan for "outsider" Pcs on network Kurt Buff (Mar 20)
  - Re: Scan for "outsider" Pcs on network Jean-Philippe Luiggi (Mar 21)
- <Possible follow-ups>
- RE: Scan for "outsider" Pcs on network Craig Wright (Mar 11)
- Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 17)
- Re: Scan for "outsider" Pcs on network auto62996 (Mar 20)
- RE: Scan for "outsider" Pcs on network Craig Wright (Mar 21)
  - Re: Scan for "outsider" Pcs on network Eagle Fire (Mar 27)
- Re: Scan for "outsider" Pcs on network auto62996 (Mar 30)