IDS mailing list archives
RE: Tracking back internal incidents to users, not IPs
From: "Cojocea, Mike (IST)" <Mike.Cojocea () watsonwyatt com>
Date: Fri, 24 Feb 2006 08:44:01 -0500
then queries your DHCP server(s) for active leases with MAC adresses,
compares the MAC address to the switch's MAC table, then queries your database/spreadsheet for jack number to switch port assignments and updates the user object via an LDAP modify command. Have a look at Netdisco (netdisco.org). It does an SNMP walk and dumps the switch ARP/IP tables into a database which you can query using CGI+Apache. I used it in a 10K host network and it helped me a lot. Using Netdisco you can track down a MAC to a port and shut down the port in a couple of seconds. Thanks, Mike ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Tracking back internal incidents to users, not IPs Charles Kaplan (Feb 21)
- Re: Tracking back internal incidents to users, not IPs Adam Powers (Feb 22)
- Re: Tracking back internal incidents to users, not IPs Kevin (Feb 22)
- Re: Tracking back internal incidents to users, not IPs John H. Sawyer (Feb 23)
- Re: Tracking back internal incidents to users, not IPs List Spam (Feb 23)
- Re: Tracking back internal incidents to users, not IPs Roland Dobbins (Feb 24)
- <Possible follow-ups>
- Re: Tracking back internal incidents to users, not IPs Michael Allgeier (Feb 22)
- RE: Tracking back internal incidents to users, not IPs Cojocea, Mike (IST) (Feb 24)
- Re: Tracking back internal incidents to users, not IPs Roland Dobbins (Feb 26)
- Re: Tracking back internal incidents to users, not IPs Jason Haar (Feb 26)