Re: Application to Automatically Map Network and Notify About Rogue Hosts?



"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:OvJ0UKfgIHA.1164@xxxxxxxxxxxxxxxxxxxxxxx
"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
news:PPednbbPi_OusE7anZ2dnUVZ_vOlnZ2d@xxxxxxxxxxxxxxx
Does any vendor make an application that passively listens to all
ethernet segments on a computer, and then notifies the administrator if
any unauthorized IP or ethernet Mac address shows up on any segment? You
would obviously need to feed into such an application the IPs and Mac
addresses that are authorized for your network. But when a contractor
shows up or someone plugs in a new computer, the administrator would
know about it the instant it happens.

One way I would like to address this requirement is at the
switches/router. If they were configured with the allowed hosts, perhaps
something more strong than just MAC/IP, and would for all other hosts
send back indication of host unreachable for TCP and also forward copy
of packet on to the local blackhole machine for all protocols.

My main requirement isn't to deny access to that traffic. My main
requirement is to get instant notification that such traffic exists. I
want to know about the behavior of people so that I can give them feedback
about what is acceptable and what is not. And if someone is acting really
outrageously I need to address that behavior.

--
Will
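
The check asked for in this thread (passively watch a segment, compare each sender against a list of authorized MAC/IP pairs, notify on anything else) can be sketched over ARP traffic as below. This is an added example, not part of the original thread or any vendor's product; the allowlist, addresses and frames are constructed, and the helper names (parse_arp, classify, build_arp) are hypothetical.

```python
import struct
from ipaddress import IPv4Address

# Constructed allowlist: authorized MAC -> the IP that host is expected to use.
AUTHORIZED = {
    "00:11:22:33:44:55": "192.168.1.10",
    "00:11:22:33:44:66": "192.168.1.11",
}

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != 0x0806:
        return None                      # too short, or EtherType is not ARP
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                      # not Ethernet + IPv4 addressing
    mac = ":".join(f"{b:02x}" for b in frame[22:28])
    return mac, str(IPv4Address(frame[28:32]))

def classify(frame, authorized=AUTHORIZED):
    """Return None (not ARP), 'ok', or an alert string for the administrator."""
    seen = parse_arp(frame)
    if seen is None:
        return None
    mac, ip = seen
    if mac not in authorized:
        if ip in authorized.values():
            return f"ALERT unknown MAC {mac} claims authorized IP {ip}"
        return f"ALERT unknown host {mac} at {ip}"
    if ip == "0.0.0.0":                  # ARP probe from a known host, no IP yet
        return "ok"
    if authorized[mac] != ip:
        return f"ALERT authorized MAC {mac} using unexpected IP {ip}"
    return "ok"

def build_arp(mac, ip, oper=1):
    """Build a constructed broadcast ARP frame for the demo (not captured traffic)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    eth = b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sha + IPv4Address(ip).packed
    return eth + arp + b"\x00" * 6 + IPv4Address("192.168.1.1").packed

if __name__ == "__main__":
    for mac, ip in [("00:11:22:33:44:55", "192.168.1.10"),   # known host
                    ("de:ad:be:ef:00:01", "192.168.1.50"),   # new machine plugged in
                    ("de:ad:be:ef:00:01", "192.168.1.10"),   # unknown NIC, known IP
                    ("00:11:22:33:44:66", "192.168.1.10")]:  # known NIC, wrong IP
        print(classify(build_arp(mac, ip)))
```

The capture source is left out so the block runs offline; in practice classify() would be fed frames read from an interface attached to each segment or to a switch mirror port.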

