RE: Scan for "outsider" Pcs on network

I come across a program call air-snare that is able to detect that. But you
will need to have a list of all your systems mac address. It is like an IDS
program. I believe that most of the IDS program is able to do that.


-----Original Message-----
From: dhamm@xxxxxxxxxxxxxxxxxx [mailto:dhamm@xxxxxxxxxxxxxxxxxx]
Sent: Friday, March 03, 2006 7:48 AM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: Scan for "outsider" Pcs on network

Is there a way to setup a scan and be notified of an intruding pc that is
physically plugged into the network? When you have an enviroment with a
large amount of network jacks, it's hard to make sure the ones no longer in
use are turned off, and that no "visitors" have sat down to use your network
connections, esp. if you have a large amount of contractors in and out. It
got me to searching the net, and so far I have found one cemmercial product
that can do it, but nothing else. Any suggestions?

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Relevant Pages

  • Re: anomaly IDS ideas ?
    ... algorithm which tries to find outliers on network traffic. ... should issue an alert if the host opens a port which wasnt open before ... Test Your IDS ... with real-world attacks from CORE IMPACT. ...
    (Focus-IDS)
  • Re: IDS and NMS
    ... Start by designing and installing a network. ... Next, a more detailed view of the network is required, so a NMS is ... the network administrator wants to see what ... This is where integrating the IDS console into the NMS makes sense. ...
    (Focus-IDS)
  • Re: "false positive" inanity
    ... So Mr. Snyder is asking for an IDS that does not need to be configured? ... maximum control of his/her network. ... attack. ... > assuming that it is not an intrusion. ...
    (Focus-IDS)
  • Re: Secure Network Design (DMZ, LAN, etc)
    ... I'd like one outside the firewall and one ... I assumed I could make the first IDS ... should I have the IDS listening on the 192.168.1.0/24 network as well (web ... >Since the whole world will need access to your web servers, ...
    (Security-Basics)
  • Re: which attacks will generate false positive or false negative?
    ... addresses of the servers on your network that are allowed to do DNS Zone ... you first install a Network IDS, snmpwalks may trigger from your network ... Matt brings up the point of alerts to things that didn't have any ... you're not sure of the best way to tune out false positives during your ...
    (Focus-IDS)