Since the beginning of this week I'm doing test with the Rogue System Detection in ePo 4.5. Since I am not part of our network team it's more of a test.
Now I got some weird results so I decided to consult our network team. And they don't believe the results I found.
For example; I found a machine (ASUStek) with a name that is unknown to us, but also with an IP-address that can not exist in our network.
We tried to find it in all possible ways but we can not find it.
But ePo can still ping this machine.
So now we wonder how Rogue System Detection finds these machines and how we can retrace them? And also, how does the ping in ePo work? Because from our machines we can not ping this machine, but ePo can. How is this possible???
RSD sensor is, as you surely know, monitoring network traffic on the machine it is installed (which can be an everyday computer or a DHCP server in which case monitoring is somewhat different), by looking into network packets and gathering info from there. In the case of a DHCP it monitors DHCP requests, too.
As for the unusual IP, I suppose that could come from a manipulated network packet, sent by something on that computer. Or just the IP could not be revealed fully.
You did not write where you have installed your RSD sensor and how many there are and if the same LAN or in the WAN, or on the DHCP.
I'm not a network expert at all, but could n ot you find the trace of the computer that you mention by its MAC address (supposing that's not spoofed) in either of the many network device you have ?
Also: could you detail the "ping" that you refer to here? What so you mean exactly by that? What is that ePO "can ping" the computer?