On Mar 31 mai 2005 17:07, Peter Surda a �crit : > On Tue, 31 May 2005 16:32:43 +0200 (CEST) "Sylvain BERTRAND" > <[EMAIL PROTECTED]> wrote: > >>apt-cache show arpwatch >>[...] >>Description: Ethernet/FDDI station activity monitor >> Arpwatch maintains a database of Ethernet MAC addresses seen on the >> network, with their associated IP pairs. Alerts the system >> administrator >> via e-mail if any change happens, such as new station/activity, >> flip-flops, changed and re-used old addresses. > Yes exactly. If they fake both MAC and IP (in case you have DHCP changing > MAC is > enough because it will take the same IP), arpwatch doesn't find any > changes. >
2 possible solutions: - check the router's ability to map a port to a mac, and detect changes on oe port - have a script check the dhcp log file to report windows netbios name change on the same IP/MAC Regards, Sylvain _______________________________________________ LARTC mailing list [email protected] http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
