Why not arpwatch? It is tiny, simple and passive.

On 8/25/05, Matt Mercer <MattM@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> Hi Martin,
>
> >We are migrating from Lucent QIP to MetaIP for DHCP services and so
> >far we have had two issues when MetaIP has been implemented for VLAN
> >that has an unauthorized Linksys router giving out IP addresses.
>
> If you have an IDS such as Snort configured on your network, it would be
> fairly straightforward to build a configuration watching for DHCP
> traffic on specific VLANs not originating from legitimate servers (as
> defined by you, The Administrator).
>
> Find a helpful article here describing such a scenario:
>
> http://security.itworld.com/4363/ITW3542/page_1.html
>
> HTH,
>
> Matt
>

--
_________________
Paul Halliday
http://dp.penix.org

"Diplomacy is the art of saying "Nice doggie!" till you can find a rock."
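
Added example, not part of the thread and not code from any poster or from Snort or arpwatch: a passive check for DHCP server replies (OFFER/ACK/NAK) that do not come from an administrator-defined allowlist, which is the detection idea discussed above. The function names, the allowlist address and the sample packets are constructed for illustration, and the check assumes the sensor sees server replies directly, with no DHCP relay rewriting the source address.

```python
import socket

DHCP_MAGIC = b"\x63\x82\x53\x63"               # magic cookie at payload offset 236
SERVER_REPLIES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values only servers send

def parse_options(payload):
    """Return {code: value} for a DHCP payload, or None if not DHCP or truncated."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None
        opts[code] = value
        i += 2 + length
    return opts

def check_reply(src_ip, payload, allowed_servers):
    """Return an alert string for a server reply from a non-allowlisted host, else None."""
    opts = parse_options(payload)
    if not opts or payload[0] != 2 or not opts.get(53):   # op 2 = BOOTREPLY
        return None
    kind = SERVER_REPLIES.get(opts[53][0])
    if kind is None:
        return None
    # Option 54 (server identifier) can differ from the packet source; check both.
    sid = opts.get(54, b"")
    server_id = socket.inet_ntoa(sid) if len(sid) == 4 else src_ip
    if src_ip in allowed_servers and server_id in allowed_servers:
        return None
    offered = socket.inet_ntoa(payload[16:20])             # yiaddr field
    return f"rogue DHCP {kind} from {src_ip} (server-id {server_id}), yiaddr {offered}"

def build_reply(msg_type, yiaddr, server_id):
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    hdr = bytearray(236)
    hdr[0], hdr[1], hdr[2] = 2, 1, 6                       # op, htype=Ethernet, hlen
    hdr[16:20] = socket.inet_aton(yiaddr)
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_id) + b"\xff"
    return bytes(hdr) + DHCP_MAGIC + opts

ALLOWED = {"10.0.0.5"}                                     # constructed allowlist
if __name__ == "__main__":
    print(check_reply("10.0.0.5", build_reply(2, "10.0.0.50", "10.0.0.5"), ALLOWED))
    print(check_reply("192.168.1.1", build_reply(2, "192.168.1.100", "192.168.1.1"), ALLOWED))
```

In use, `payload` would be the UDP payload of frames captured from source port 67 on the monitored VLAN, and `src_ip` the IP source address of the same frame.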