Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Arpwatch Config Question

from [cschooley] Network Security [Permanent Link]
Subject: Arpwatch Config Question
Date: 15 Apr 2005 22:52:37 -0000 


We are running Debian Linux Woody on our IDS system that has Arpwatch 
installed.  It is monitoring our whole network.  We have a set range of IP 
addresses that we use when new computers come in that we can put a standard 
image on and then change the IP to a production IP when it is deployed.  So, 
every time a new machine comes on the network that has been imaged and then has 
it's IP changed to another IP address, I get multiple messages from Arpwatch.  
Is there a way to add an argument into the arpwatch.conf file to ignore that 
specific range of IP addresses?  

I had found a command line switch of -z iprange, but that was only available 
for version Sarge.  Any ideas on this one?

Thanks!

--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Arpwatch Config Question, cschooley <=
Previous by Date:  Re: MPLS IDS question, Surasak H.
Next by Date:  Re: Sniffing split connections, Johann_van_Duyn
Previous by Thread:  IDS PhD resarch query, secure knowledge
Next by Thread:  McAfee Intrushield, Andy Cuff
Indexes:  [Date] [Thread] [Top] [All Lists]