I manage a small business network, and would like to put some simple monitoring in place (to avoid things like rogue wireless APs), but don't want to deny access by default, which is the way most of the stuff I've seen works.
Ideally, I'm thinking something that keeps track of MAC addresses seen by the firewall/router (running Linux, of course!), compares the MAC address with a list of 'known' addresses, and e-mails me when a new MAC shows up would work pretty well. Sniffing ARP packets should be a good way to collect MAC addresses without requiring excessive CPU resources, sniffer ports on my switch, etc.
Does this sound reasonable to anyone else?
Does anyone know of a pre-existing program that would do this, or is it something I'm going to have to roll on my own?
Any better ideas for keeping track of what's actually plugged in and talking on a network while still 'playing nice' and generally trusting the user base?
-- Charles Steinkuehler [email protected]
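
The approach described in the message above (collect sender MACs from ARP traffic, compare them with a known list, report new ones without blocking anything), sketched as an added example that is not part of the original post. The allow-list, the sample frames and the function names are constructed for illustration.

```python
import struct

ETH_P_ARP = 0x0806
KNOWN_MACS = {"00:11:22:33:44:55"}  # constructed allow-list of 'known' addresses

def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:                       # 14-byte Ethernet + 28-byte ARP
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                           # not Ethernet/IPv4 ARP
    sha, spa = frame[22:28], frame[28:32]     # sender hardware / protocol address
    return fmt_mac(sha), ".".join(map(str, spa))

def new_macs(frames, known):
    """Return each unknown sender once, in order of first sighting."""
    seen = {m.lower() for m in known}
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed and parsed[0] not in seen:
            seen.add(parsed[0])               # report a new MAC only once
            alerts.append(parsed)
    return alerts

def make_arp(mac, ip):
    """Build a constructed ARP request frame for the demo input."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(p) for p in ip.split("."))
    eth = b"\xff" * 6 + sha + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + sha + spa
    return eth + arp + b"\x00" * 6 + bytes([192, 168, 1, 1])

# Constructed sample traffic: one known host, one unknown host seen twice, one runt frame.
SAMPLE = [make_arp("00:11:22:33:44:55", "192.168.1.10"),
          make_arp("de:ad:be:ef:00:01", "192.168.1.77"),
          make_arp("de:ad:be:ef:00:01", "192.168.1.77"),
          b"\x00" * 20]

if __name__ == "__main__":
    for mac, ip in new_macs(SAMPLE, KNOWN_MACS):
        print(f"new MAC {mac} seen as {ip}")  # an e-mail notification would hook in here
```

On the Linux router the frames could be read from a raw `AF_PACKET` socket bound to EtherType 0x0806, which requires root. Because a MAC address can be changed by the device's owner, a match against the known list shows only that the address is familiar, not that the device is.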