>We are migrating from Lucent QIP to MetaIP for DHCP services and so
>far we have had two issues when MetaIP has been implemented for VLAN
>that has an unauthorized Linksys router giving out IP addresses.
If you have an IDS such as Snort configured on your network, it would be
fairly straightforward to build a configuration watching for DHCP
traffic on specific VLANs not originating from legitimate servers (as
defined by you, The Administrator).
Find a helpful article here describing such a scenario:
>We are migrating from Lucent QIP to MetaIP for DHCP services and so
>far we have had two issues when MetaIP has been implemented for VLAN
>that has an unauthorized Linksys router giving out IP addresses.
If you have an IDS such as Snort configured on your network, it would be
fairly straightforward to build a configuration watching for DHCP
traffic on specific VLANs not originating from legitimate servers (as
defined by you, The Administrator).
Find a helpful article here describing such a scenario:
http://security.itworld.com/4363/ITW3542/page_1.html
HTH,
Matt
[ reply ]