10-space is L..A..R..G..E (was Re: Large edu's doing NAT campus wide?

[Glenn Forbes Fleming Larratt <gl89 () CORNELL EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Might you optimize your process by polling your router infrastructure
for live ARP entries, and only scanning those?

- --
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

On Mon, 30 Apr 2007, Clifford Collins wrote:

> Perhaps what I'm about to say should be forked to another discussion.
> Unlike the subject title, we are a small edu doing NAT using the large
> 10.0.0.0 private address block. As a result, I have the joy of scanning
> a large, empty space on a regular basis. This is a royal pain in the
> scanner.
>
> Am I wasting my time empirically verifying that our routers and switches
> aren't servicing rogue devices in the vastness of 16.7 million possible
> addresses? Should I only be concerned with the few dozen class C blocks
> we have assigned for official use? How do you deal with patrolling the
> alleys of your network?
>
> Clifford A. Collins
> Network Security Administrator
> Franklin University
> 201 South Grant Avenue
> Columbus, Ohio 43215
> "Security is a process, not a product"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)

iD8DBQFGNfIsLyw7nZwiKgQRApeJAKCaqjzSgoIamQ2E2yJU58aWqCs4mQCgmpqz
4+MtMcFMU2HUsWERwrU7aEA=
=k76J
-----END PGP SIGNATURE-----