16 May
2014
16 May
'14
2:09 a.m.
On 05/15/2014 01:45 PM, Tim Chown wrote:
In general, the "detection/reaction type of tools" (as opposed to a "prevention-oriented" security approach) haven't proven their usefullness too much in the past.
The reason we knocked up RAmond was to handle accidental rogue RAs, usually caused by Windows ICS at the time. I think we saw that over the course of a year there was a rogue RA somewhere on our WLAN around 50% of the time. So I would say it was very useful, for that type of incident.
Agreed. It's certainly useful for the non-attack case. -- Fernando Gont SI6 Networks e-mail: fgont@si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492