Re: FW: Intrusion Detection Systems: What you Should Know

[Bill_Royds () pch gc ca]

Another benefit of Intrusion Detection Systems that wasn't mentioned is the
ability to find misconfigured hosts withing your network.
   Our network is a hub and spokes design with a fast hub network covered by
intrusion detection software. A couple of days ago I found  SNMP queries seeming
to be from a client in one region going to all machines on a subnet in another
region. It was not an attack but a misconfigured Windows 98 box. Windows 98 will
do SNMP tests on a subnet if it can't get Netbios response for name broadcasts.
The Win98 box had an incorrect subnet mask and no WINS server settings so was
broadcasting to an incorrect broadcast address.
  YEs it was a false positive, but even that alerted us to configuration
problems and allowed us to give helpdesk support in handling client queries.