FW: Identifying a computer

["Alex Pimperton" <Alex () MAGDALENSTREET CO UK>]

The only thing I can think of, assuming you aren't running layer 3 or
managed switches, is blocking the IP from accessing the net and see who
complains...

You could also run a traffic sniffer such as ethereal on your linux
server, and see if any incriminating evidence shows up (machine name
etc)

Unless this local LAN is someplace like a university or public access
LAN, I suggest that you implement an acceptable internet use policy.
This will be much more effective in the long run than chasing up people
who consume to much bandwidth.

Thanks

Alex

> -----Original Message-----
> From: Cheetah [mailto:cheetahx () online no]
> Sent: 03 December 2003 15:38
> To: security-basics () securityfocus com
> Subject: Identifying a computer
>
> Hello.
>
> I am helping the sysadmin on my local LAN to manage the network, etc.
> We have limited internet-bandwidth, and therefore it is necessary to
make
> sure no-one
> is taking to much of the bandwidth, as others will not be able to use
the
> internet connection.
>
> For the last 2 days, a new IP has appeared, and it is constantly using
a
> lot
> of bandwidth.
> We have a linux-server running DHCP, DNS and the internet-connection.
I
> have
> checked the
> dhcpd.leases file, but the IP isn't there. I have also tried to ping
and
> scan this IP, but the computer
> is running a strong firewall, shows no open ports and doesn't even
respond
> to pings.
>
> Is there any way I can get some information out of this computer
without
> running around
> and asking everyone what their IP is?
>
> Tore
------------------------------------------------------------------------
--
> -
------------------------------------------------------------------------
--
> --



---------------------------------------------------------------------------
----------------------------------------------------------------------------