<<< Date Index >>>     <<< Thread Index >>>

Re: Tool for Identifying Rogue Linksys Routers



Why not arpwatch? It is tiny, simple and passive.

On 8/25/05, Matt Mercer <MattM@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi Martin,
> 
> >We are migrating from Lucent QIP to MetaIP for DHCP services and so
> >far we have had two issues when MetaIP has been implemented for  VLAN
> >that has an unauthorized Linksys router giving out IP addresses.
> 
> If you have an IDS such as Snort configured on your network, it would be
> fairly straightforward to build a configuration watching for DHCP
> traffic on specific VLANs not originating from legitimate servers (as
> defined by you, The Administrator).
> 
> Find a helpful article here describing such a scenario:
> 
> http://security.itworld.com/4363/ITW3542/page_1.html
> 
> HTH,
> 
> Matt
> 


-- 
_________________
Paul Halliday
http://dp.penix.org

"Diplomacy is the art of saying "Nice doggie!" till you can find a rock."