[157384] in North American Network Operators' Group
RE: Detection of Rogue Access Points
daemon@ATHENA.MIT.EDU (Raymond Burkholder)
Thu Oct 18 10:11:39 2012
X-OneUnified-MailScanner-From: ray@oneunified.net
From: "Raymond Burkholder" <ray@oneunified.net>
To: "'Jonathan Rogers'" <quantumfoam@gmail.com>,
"'Jason Antman'" <jason@jasonantman.com>
In-Reply-To: <CAC47Z9kT1Q6on=DgYSJJV343OMjxq472QpnCcLNQ9b2S19KbBA@mail.gmail.com>
Date: Thu, 18 Oct 2012 11:10:07 -0300
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> I like the idea of looking at the ARP table periodically, but this
presents
> some possible issues for us. The edge routers at our remote sites are
Cisco
> 1841 devices, typically with either an MPLS T1 or a Public T1 (connected
> via an IAD owned by Centurylink; router to router, so dumb). Aside from
> manually logging in to those individual routers (all 140 or so of them)
and
> checking them on a schedule, can anyone think of a good way to capture
that
> information automatically? If I had to I could probably come up with a
> script to log in to them and scrape the info then process it but...eww.
NetDisco knows how to scan networks for mac addresses, arp addresses, ip
addresses, etc. It keeps track of deltas. It may have be able to email
deltas or something similar. Or run a query against the database, as I
seem to recall it seems to hold historical data.
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
