Network monitoring
Mario Spinthiras
spinthiras.mario at gmail.com
Mon Jul 28 16:49:43 UTC 2008
zenoss
On Mon, Jul 28, 2008 at 6:43 PM, Bart Silverstrim <bsilver at chrononomicon.com
> wrote:
> Dan Farrell wrote:
> > On Sun, 27 Jul 2008 19:49:49 -0400
> > Bart Silverstrim <bsilver at chrononomicon.com> wrote:
> >
> >> Does anyone here have a program, preference, configuration,
> >> recommendation...etc...for monitoring your own network for what
> >> machines are connected to it, as in auditing for people that may
> >> have connected with unauthorized hardware somewhere or at least log
> >> when machines are on the wifi or wired network when that network is
> >> too small to have a managed switch or managed WAP?
> >>
> >
> > It depends on the hardware that provides your wifi Access Point and your
> > internet router. It's pretty unlikely on a small network that somebody
> > could plug a network cable in to your network without your noticing
> > it, but wireless network connections are of course much less
> > transparent.
> >
> > For these I would recommend looking into the options your AP gives
> > you. If your wireless AP allows you some access, it will probably show
> > you the list of wireless devices connected to it. If not, an
> > option might be to look at DHCP leases on your DHCP server, but this
> > may not be a perfect solution, because uninvited visitors could use a
> > static configuration instead.
> >
> > The fail-safe solution would be to use
> > an internet gateway with good reporting (like a linux compuer!) that
> > can show you the traffic going through your internet connection, where
> > it's from, and where it's headed. You can then see if there's any
> > traffic you don't expect, and start to track down it's source.
> >
> > I would highly recommend using WPA on your wireless AP so you don't
> > have to worry about unauthorized access.
> >
> > Unfortunately, if your AP doesn't tell you these things, and you can't
> > get the information from another piece of hardware between the AP and
> > the internet connection, and you aren't on the same collision domain as
> > the AP (eg a hub rather than a switch) your only option is probably to
> > change your network topology to interpose a better statistics generator
> > between potential untrusted network segments and the internet.
>
> This AP does have SNMP (disabled at the moment) and does track
> associations made to it; the component I'm kind of missing is polling it
> periodically and reporting back to me...perhaps the suggestion of SNMP
> might work? I just need help cobbling together scripts to do this if I
> do that route, though.
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
--
Warm Regards,
Mario A. Spinthiras
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20080728/41ab1d7f/attachment.html>
More information about the ubuntu-users
mailing list