RE: Network "Change Management"

You can restrict DHCP to an allowed list of MAC addresses, but what
about the laptops using random IP addresses?, you can know that is the
gateway or DNS just sniffing the network, getting broadcast packages.

Even if you restrict your DHCP to an allowed list of MACs you will need
to monitor the activity, I recommend using arpwatch on the
gateway/firewall, and restrict as much as posible on your firewall.

On Thu, 2004-09-16 at 15:15, Evan Pierce wrote:
> Dave
>
> Why not rather restrict DHCP to an allowed list of MAC addresses? And lock a
> specific port onto a specific MAC address or if you have too many users that
> are mobile (plug into many different ports) use EAP or 802.1x authentication
> from the switch to a Radius server and block things that way. Most modern
> switches will allow this.
>
> Thanks
> Evan
>
> -----Original Message-----
> From: Dave Torre [mailto:dtorre@fostercity.org] 
> Sent: 14 September 2004 07:53 PM
> To: focus-linux@securityfocus.com
> Subject: Network "Change Management"
>
> Does anyone know of a Linux utility that can watch the MAC address tables in
> Cisco switches and alert admins as to when a new device has been plugged in?
>
> Basically, we have your standard client network with DHCP. Internet access
> is restricted to authenticated users, and so are the file shares.
> However, we've had a few instances where people just plug in their personal
> laptops which makes me very worried...
>
> Any thoughts/suggestions as to how I can monitor such events in real time?
>
> Thanks,
> -Dave
--
Jose Hidalgo
PGP: 15524480
jose at hostarica.com
http://www.hostarica.com