3 Replies Latest reply on Jan 8, 2015 3:59 PM by massdotvsolem

    RSD Source

    kenobe

      Greetings, today I see an entire new subnet of rogues in my ePO.  It's a commercial ISP who shouldn't be detected by my network so either someone connected a link they shouldn't have, or someone took a computer home and that RSD is seeing the subnet.

       

      How can I tell what the detection SOURCE was?  When running queries I see a couple different SOURCE IDs (one is 666 and one is 484)?

       

      Thanks

       

      Ken

        • 1. Re: RSD Source
          Peter M

          I think you'll more likely get answers in ePO so have moved it there.

          • 2. Re: RSD Source
            andrep1

            Sadly, they were supposed to link the detected subnet to the sensor in the latest version but never did. Your best hint is to find the sensor(s) proving the coverage. But typically, those subnets are best ignored.

            The detections could be DHCP or agent, neither of which will provide any insights.

            In the past we have seen network provider equipment showing internal addresses internally...

            • 3. Re: RSD Source
              massdotvsolem

              Any update on this?  In some cases it is impossible to locate a detected rogue without knowing which detector found it.

               

              -Vik Solem