RSD was deployed in our enterprise prior to my arrival.
Subnets seem to come and go uncovered.
I've seen no real rhyme or reason to explain it.
Being of a solid background in networking what i do see out of the ordinary here is our use of very large broadcast networks.
By this i mean i have a single user vlan at a remote site that is a /19 (8k hosts)!!
My knowledge of Host based security is that it is just concerned with itself and its immediate vicinity or its broadcast subnet.
I've also read that the RSD Sensor ARP only supports 512 entries.
When ARP reaches 513 it starts back at 1.
If this is true it would seem to be a physical improbability for RSD Sensors to work in such a large broadcast.
Has anybody seen this before?
Have you seen any documentation that addresses this??