Re: Tool for Identifying Rogue Linksys Routers
Why not arpwatch? It is tiny, simple and passive.
On 8/25/05, Matt Mercer <MattM@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi Martin,
>
> >We are migrating from Lucent QIP to MetaIP for DHCP services and so
> >far we have had two issues when MetaIP has been implemented for VLAN
> >that has an unauthorized Linksys router giving out IP addresses.
>
> If you have an IDS such as Snort configured on your network, it would be
> fairly straightforward to build a configuration watching for DHCP
> traffic on specific VLANs not originating from legitimate servers (as
> defined by you, The Administrator).
>
> Find a helpful article here describing such a scenario:
>
> http://security.itworld.com/4363/ITW3542/page_1.html
>
> HTH,
>
> Matt
>
--
_________________
Paul Halliday
http://dp.penix.org
"Diplomacy is the art of saying "Nice doggie!" till you can find a rock."