Scan for new devices on network

WillsterZA

Hi All,

I am looking for software to scan my network regularly and send an email once a new unidentified device has been found.

Thanks in advance
 
Sorry, I was not clear enough. I have a network with over 400 PCs, and it becomes very difficult to make sure no one plugs in a device on the network that could potentially be bad. I need some software that will scan the network, say every 5 minutes, pick up any devices that are not recognized on the network, and send me an email.
 
Why not just whitelist all the current PCs and blacklist any new ones? No need for email - the user will come knocking...
 
This ^^^

You can add "trusted" devices' MAC addresses to a whitelist for your DHCP server, so only devices with these MAC addresses will be assigned an IP address. The problem with this solution is the person might statically assign an IP to themselves. If they do this, hopefully they will want to use the internet and also assign their default gateway to that of your network. With this you might be able to trap the traffic on the 0.0.0.0 masquerade rule on the firewall and check whether the MAC from the requesting device matches up with a whitelist. If it does not, drop the traffic and send an email?

Maybe try and "hijack" the DNS ports and reroute them to your DNS server. Here you will also be able to check the MAC of the requesting device and see whether it is a "trusted" device.

Doing an active scan of all IP addresses in all possible subnets might take quite a while and is probably a bad idea...

EDIT: I think DNS requests over UDP are broadcast, not sure though. If they are, you might be able to sniff this traffic and detect unauthorized devices without doing it on the server/firewall/whatever.

EDIT Again

How do attackers spy on your DNS queries? Answer: The packets that your computer sends through the network are physically broadcast (by wireless 802.11 or wired Ethernet) to every computer near yours, to every computer near the server, and to many computers in between
http://dnscurve.org/espionage.html

So you will be able to sniff DNS queries
 
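The MAC whitelist check suggested in the reply above, as an added example that is not part of any poster's message: it compares a gateway's neighbour table against an allowlist and builds one alert e-mail per newly seen unknown device. It assumes the table comes from `ip neigh show` on a Linux gateway; the sample addresses, the allowlist and the e-mail addresses are constructed.

```python
import re
from email.message import EmailMessage

# Constructed sample in the format printed by `ip neigh show` on a Linux gateway.
SAMPLE_NEIGH = """\
10.0.0.11 dev eth0 lladdr 00:1A:2B:3C:4D:5E REACHABLE
10.0.0.12 dev eth0 lladdr 00:1a:2b:3c:4d:5f STALE
10.0.0.57 dev eth0 lladdr de:ad:be:ef:00:01 REACHABLE
10.0.0.99 dev eth0  FAILED
10.0.0.57 dev eth0 lladdr de:ad:be:ef:00:01 DELAY
"""

# Constructed allowlist; entries arrive in mixed notations, as inventories do.
ALLOWLIST = {"00-1A-2B-3C-4D-5E", "001a.2b3c.4d5f"}

def normalise_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits, or None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    return digits if len(digits) == 12 else None

def parse_neighbours(text):
    """Yield (ip, mac) for entries that have a resolved link-layer address."""
    for line in text.splitlines():
        m = re.match(r"(\S+) dev \S+ lladdr (\S+)", line)
        if m and (mac := normalise_mac(m.group(2))):
            yield m.group(1), mac

def find_unknown(text, allowlist, already_reported):
    """Return {mac: ip} for devices not allowlisted and not alerted on before."""
    known = {normalise_mac(m) for m in allowlist}
    unknown = {mac: ip for ip, mac in parse_neighbours(text)
               if mac not in known and mac not in already_reported}
    already_reported.update(unknown)  # remember them so each device alerts once
    return unknown

def build_alert(unknown, sender, recipient):
    """Build the notification; hand it to smtplib.SMTP.send_message to send."""
    msg = EmailMessage()
    msg["Subject"] = f"{len(unknown)} unrecognised device(s) on the network"
    msg["From"], msg["To"] = sender, recipient
    msg.set_content("\n".join(f"{ip}  {mac}" for mac, ip in sorted(unknown.items())))
    return msg

if __name__ == "__main__":
    reported = set()
    new = find_unknown(SAMPLE_NEIGH, ALLOWLIST, reported)
    if new:
        print(build_alert(new, "netwatch@example.invalid", "admin@example.invalid"))
```

Run on a schedule with a persisted `already_reported` set, this reads the table the gateway already maintains instead of sweeping every subnet. A MAC allowlist only recognises addresses, so a device presenting an allowlisted address will not be flagged.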
Sorry, I was not clear enough. I have a network with over 400 PCs, and it becomes very difficult to make sure no one plugs in a device on the network that could potentially be bad. I need some software that will scan the network, say every 5 minutes, pick up any devices that are not recognized on the network, and send me an email.

Spiceworks?
 