[CentOS] antivirus sniffer/scanner for networks

Wed Apr 25 15:57:40 UTC 2007
centos at 911networks.com <centos at 911networks.com>

On Tue, 10 Oct 2006 10:38:58 -0500 (CDT)
eric at austinconventioncenter.com wrote:

> Here is the scenario:  Our network is utilized by guest users
> all the time, sometimes into the thousands. We see guests from
> all over with a variety of OSs & hardware, all of which, we have
> no control or say in that matter.
> 
> I am looking for something that I can run in promiscuous mode
> and/or on a span port that will sniff for viri and then
> alert/log when it sees a virus. We can then track down the
> culprits' ip/mac and shut off the switch port he/she is
> connected to and then visit with the guest to help them clean
> their machine.

I think the first thing to look at is network design, with
proper design such as VLANs, secondary IP addresses, and proper
DHCP config.

I have a similar requirement, but not as large. I have daily
guests [dozens]; with VLANs and DHCP they can access the internet,
but have absolutely no access to, and cannot cause damage to, any
of the internal resources.

-- 
Thanks
http://www.911networks.com
When the network has to work