[Snort-users] Rogue system detection

Harry Hoffman hhoffman at ...10275...
Tue Apr 26 10:28:21 EDT 2005


arpwatch is quite good for this sort of thing

John Hally wrote:
> Hello All,
> 
>  
> 
> I have a question that's not necessarily a snort thing, but I have no 
> idea what other list to ask, so here goes.  What are people using out 
> there for rogue system detection?  I'm trying to figure out how to 
> passively detect when a 'new' system comes online in the local network 
> and possibly detect the os and such.  I imagine the tool would have to 
> be able to match MAC addresses to deal with changing addresses and DHCP, 
> along with report/alert when something new comes online.  Maybe RNA?
> 
>  
> 
> Thanks in advance!
> 
>  
> 
> John H.
> 




More information about the Snort-users mailing list