Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Scan for "outsider" Pcs on network

from [Craig Wright] Network Security [Permanent Link]
Subject: RE: Scan for "outsider" Pcs on network
Date: Fri, 10 Mar 2006 05:21:12 +1100 

Hi
Arpwatch will not help in many network designs. It does not span switches so 
you need to open the port to promiscuious mode. In larger switches this 
requires a faster port to be used (ie 1gb when the network is generally 100mb).
 
Also a connection is needed for each switch and segment. In large and 
geographically distributed networks this become prohibitive very quickly.
 
In small hub based collision domains this is a good product, but this situation 
is becoming rare even in home networks.
 
Next it is possible to configure a "sniffer" host to watch a collision domain 
without having been assigned a MAC address and arp watch is useless in this 
senario.
 
Regards
Craig

        -----Original Message----- 
        From: Mircea MITU [mailto:mmitu@bitdefender.com] 
        Sent: Mon 6/03/2006 9:15 PM 
        To: dhamm@jackofallgames.com; focus-ids@securityfocus.com 
        Cc: 
        Subject: Re: Scan for "outsider" Pcs on network
        
        
On Thu, 2006-03-02 at 23:47 +0000, dhamm@jackofallgames.com wrote:

Is there a way to setup a scan and be notified of an intruding pc that
is physically plugged into the network?


Sure, use arpwatch.




--
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/




Liability limited by a scheme approved under Professional Standards Legislation 
in respect of matters arising within those States and Territories of Australia 
where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If 
you are not the intended recipient, you must not use or disclose the 
information. If you have received this email in error, please inform us 
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the 
email and destroy any printed copy.  

Any views expressed in this message are those of the individual sender. You may 
not rely on this message as advice unless it has been electronically signed by 
a Partner of BDO or it is subsequently confirmed by letter or fax signed by a 
Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments 
due to viruses, interference, interception, corruption or unauthorised access.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: SNORT Testing, Stefano Zanero
Next by Date:  IDS Tuning, Naveen Sharma
Previous by Thread:  Re: Scan for "outsider" Pcs on network, Jean-Philippe Luiggi
Next by Thread:  Re: Scan for "outsider" Pcs on network, Eagle Fire
Indexes:  [Date] [Thread] [Top] [All Lists]