Actually some switches will allow you to setup SNMP traps that will notify
you what ARP addresses are listening on each port. Just write some
software that keeps track of which ARP addresses are supposed to be on
which port and have it warn you when an unauthorised ethernet card is
plugged in. It should catch probably 99% of those "laptop in the crawl
space" situations.
-J
On Fri, 30 Jan 1998, Doug Wellington wrote:
> Previously:
> >> 'ifstatus' can be used to monitor NIC card(s) on a machine for
> >> promiscuous (sp?) mode. A quick search on the web should find the
> >> source.
> >This will tell you if the interface of a system you are on is running in
> >promiscous mode. It will NOT tell you if other machines, including ones
> >you may not be aware of, are running in promiscous mode.
>
> Yes, there is virtually NO way to determine if there is "a" machine on
> your net sniffing packets. Using ifstatus will tell you if one of "your"
> computers is being used for sniffing, but you won't be able to tell
> if someone has plugged in their own computer to sniff. This is a nice
> argument for putting in switched ethernet. A switch will greatly reduce
> the amount of information that can be sniffed. (Of course, if YOU are
> the one that wants to sniff, it will limit the information that you'll
> get as well...)
>
> -Doug
>
> Doug Wellington
> ddw @
nsma .
arizona .
edu
> Network and System Administrator
> ARL, Division of Neural Systems, Memory and Aging
> The University of Arizona, Tucson, AZ
> (520) 626-6023
> (520) 291-0481 pager
> (520) 626-2618 fax
>
> I DON'T buy anything from spammers, and I KEEP TRACK OF WHO SPAMS ME.
>
> I put up with ads on the TV because they pay for programming. When
> spammers pay for the Internet, then I'll start putting up with spam.
>
>
--
Jesse Brown - bextreme @
pobox .
com
References:
|
|
