On Fri, Mar 17, 2006 at 02:41:10PM -0800, Kurt Buff wrote: > On 2 Mar 2006 23:47:59 -0000, [EMAIL PROTECTED] > <[EMAIL PROTECTED]> wrote: > > Is there a way to setup a scan and be notified of an > > intruding pc that is physically plugged into the network? > > Just one suggestion: > > Write a script that visits all of your switches/routers and gets their > tables of pairs of ports and MAC addresses, then dump them into a > database. Schedule it to do this periodically, say every 5-10 minutes. > Kind of a roll-your-own distributed arpwatch, but it's what I'm doing > by hand for our 6 48-port Cisco switches. Unfortunately, I don't have > the scripting knowledge (Expect? PERL? Something else? SNMP, telnet or > maybe some other query method?) to do this, though I know people have > done it. > > And, of course, the obligatory plea to share if you have such a script.
Hello, Just to mention : netdisco Netdisco is an Open Source web-based network management tool. Designed for moderate to large networks, configuration information and connection data for network devices are retrieved by SNMP. With Netdisco you can locate the switch port of an end-user system by IP or MAC address. Data is stored using a SQL database for scalability and speed. Cisco Discovery Protocol (CDP) optionally provides automatic discovery of the network topology. The network is inventoried by both device model and operating system (like IOS). Netdisco uses router ARP tables and L2 switch MAC forwarding tables to locate nodes on physical ports and track them by their IP addresses. For each node, a time stamped history of the ports it has visited and the IP addresses it has used is maintained. Netdisco gets all its data, including CDP topology information, with SNMP polls and DNS queries. It does not use CLI access and has no need for privilege passwords. Security features include a wire-side Wireless Access Point (AP) locator. Best regards. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
