2 Replies Latest reply on Feb 3, 2010 8:01 AM by epository

    rogue decetction and name resolution

      Hello,

      we have ePo 4.0 and the rogue system sensor 2.0.0/405. We installed it few days ago so now we have a nearly complete list of the machines in our network. We started to check for rogue machines, but we have a problem with name resolution.
      For many machines ePO/RSD does not show the computer name. This are mostly linux machines and print servers. This is strange because on the machine the rogue detection is installed on a ping -a 10.x.y.z ( ip of the dected machines ) does resolve the name.

      Does the rogue detection system or ePo only use wins nameresolution? If so linux server name detection would never work ! :eek:

      Thanks
      Andreas
        • 1. Re: rogue decetction and name resolution
          epository

          You can exempt many things like printers, phones, routers, switches.....etc by using the OUI - the MAC address space apportioned to a company - to do automatic exemptions.  Check your exemptions often and run dsquery against their names or IP's just in case.

           

          This helps clean up large networks.

           

          Also, any kind of scanner that can ID devices and spit out a MAC address list would help you winnow out the exemptions.  Superscan or Languard....etc

          • 2. Re: rogue decetction and name resolution
            epository

            nslookup works for these machines and are machines allowed to self-register in DNS?

             

            We dont have any trouble with that here.  I believe RSD pick up ARP/RARP/and DHCP requests.

             

            Best practices is to have an RSD installed on your DHCP server for best pick up.