[Snort-sigs] rules for physical intruders
Hugo van der Kooij
hvdkooij at ...481...
Sun Dec 14 00:18:01 EST 2003
On Thu, 11 Dec 2003 adam_peterson at ...2065... wrote:
> i've come up with some rules to detect dhcp requests from machines that
> are not named using our naming standard and are therefore probably not
> machines we want on our network. i've also come up with a rule to pick up
> ms active directory requests (ldap) for domains that are not ours as this
> is one of the first things a win2k+ machine does when it gets an ip.
You need arpwatch!
All email sent to me is bound to the rules described on my homepage.
hvdkooij at ...481... http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.
More information about the Snort-sigs