Hi,
i was wondering is it possible to have:
NET1 --- ROUTER --- NET2
/ \
/ \
NET3 NET4
and keep a machine on NET4, that would ask the router of IP/MAC pairs over
SNMP.
The problem is this, that i have a cisco router, with 4 internal networks,
and if someone does IP spoofing on NET1, with another source from NET1, i
am unable to verify if that was spoofed or not, without having a host in
that NET1 network.
What would solve my problem whould be an arpwatch like application that
would grab the MAC/IP pairs appearing on the interfaces (say over
SNMP) and keep track of them in a database, like arpwatch.
Any solutions for that?
Thanks,
Regards,
Maciej Soltysiak
