[Snort-users] Alert on new IP in use?

Rich Adamson radamson at ...2127...
Mon Aug 1 05:22:38 EDT 2005


Looking for a way to monitor a small banking network and generate
an alert when an unused IP address is observed. The current IPs are
not consecutive.

Example: we have 26 static IP addresses assigned to workstations and
servers. If a 27th (or greater) address appears on the wire, generate
an alert. (Note: not very interested in watching MAC addresses as some
of the IPs are behind another layer-3 device.)

Thoughts?





