Snort mailing list archives
Re: Alert on new IP in use?
From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 01 Aug 2005 21:33:21 -0400
Rich Adamson wrote:
Rich Adamson wrote:Looking for a way to monitor a small banking network and generate an alert when an unused IP address is observed. The current IP's are not consecutive. Example: we have 26 static IP addresses assigned to workstations and servers. If a 27th (or greater) address appears on the wire, generate an alert. (Note: not very interested in watching MAC addresses as some of the IP's are behind another layer-3 device.) Thoughts?Arpwatch.Isn't arpwatch oriented around MAC addresses? I've assumed it probably wouldn't cut it since some of the IP's are located behind another layer-3 device thus creating multiple IP's associated with a single MAC. Am I off base here?
Whoops, missed the "behind another layer-3 device" part.. ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alert on new IP in use? Rich Adamson (Aug 01)
- Re: Alert on new IP in use? Matt Kettler (Aug 01)
- Re: Alert on new IP in use? Rich Adamson (Aug 01)
- Re: Alert on new IP in use? Matt Kettler (Aug 01)
- Re: Alert on new IP in use? Rich Adamson (Aug 01)
- Re: Alert on new IP in use? James Riden (Aug 01)
- Re: Alert on new IP in use? Jason Benway (Aug 03)
- Re: Alert on new IP in use? James Riden (Aug 03)
- Re: Alert on new IP in use? Jason Benway (Aug 09)
- Re: Alert on new IP in use? Jason Benway (Aug 03)
- Re: Alert on new IP in use? Matt Kettler (Aug 01)
- Re: Alert on new IP in use? Jeff Coppock (Aug 02)
- <Possible follow-ups>
- RE: Alert on new IP in use? Williams Jon (Aug 01)
- Re: Alert on new IP in use? Daniel Cid (Aug 01)
- Re: Alert on new IP in use? Donofrio, Lewis (Aug 04)