Security Basics mailing list archives

Re: rogue IP address


From: Richard Caley <rjc () caley org uk>
Date: 01 May 2003 18:30:05 +0100

In article <20030430224002.18480.qmail () www securityfocus com>, dondon  (d) writes:

d> Any suggestions on tracing down that system that is associated with the IP 
d> is appreciated!

Well, to be old fashioned, start a ping, then pull and replace plugs
until you spot the one which causes the ping to miss a beat. You
should be able to walk down a tree of hubs/switches like that in less
time than working out a smarter plan.

Great big signs at all staff toilets threatening mayhem to whoever it
is if they don't own up within the week.

If it's a fairly out-of-the-box Linux installation it may be running
sendmail, which may give you a way to contact the person responsible
if they read mail sent to root.

Perhaps you can block that IP at some firewall or router, then wait to
see who calls support to say their network connection has died.

If you can sniff packets, perhaps you can spot what they are doing, if
so that may give a clue who they are, or at least a clue as to
services they are using. From there you could, for instance, tell a
file server they are using to reject connections from that IP and
again wait for them to complain.

The fun story-to-tell-in-the-pub way would be to find out what sort of
Linux it is, find a recent security report and crack the
machine. Probably not worth the effort, but nice to think about when
pulling plugs and planning the mayhem to apply when you find them.

-- 
Mail me as MYFIRSTNAME () MYLASTNAME org uk        _O_
                                                 |<
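
The ping-and-pull-plugs approach from the message above, as an added example that is not part of the original post: it reads Linux `ping -D` output (timestamped replies), finds the runs of missed replies, and matches them against a hand-kept log of when each cable was pulled. The address, timestamps, port labels and function names are constructed for illustration.

```python
import re

# One reply line of Linux iputils `ping -D` output (-D prefixes a Unix timestamp).
REPLY = re.compile(r"^\[(\d+\.\d+)\] \d+ bytes from .*?icmp_seq=(\d+)\b")

def find_gaps(lines):
    """Return (last_seen_ts, next_seen_ts, missed_count) for each run of lost replies.

    A run that is still ongoing at the end of the capture is not reported,
    because there is no later reply to close the window.
    """
    gaps = []
    prev_ts = prev_seq = None
    for line in lines:
        m = REPLY.match(line)
        if not m:
            continue  # banner, summary and error lines
        ts, seq = float(m.group(1)), int(m.group(2))
        if prev_seq is not None and seq > prev_seq + 1:
            gaps.append((prev_ts, ts, seq - prev_seq - 1))
        prev_ts, prev_seq = ts, seq
    return gaps

def suspects(gaps, pulls, slack=1.0):
    """Return (port, missed_count) for every pull that falls inside a gap window."""
    return [(port, missed)
            for start, end, missed in gaps
            for when, port in pulls
            if start - slack <= when <= end + slack]

# Constructed sample: replies 4-6 are missing while one cable was out.
SAMPLE_PING = """\
PING 192.0.2.57 (192.0.2.57) 56(84) bytes of data.
[1051810201.100000] 64 bytes from 192.0.2.57: icmp_seq=1 ttl=64 time=0.41 ms
[1051810202.100000] 64 bytes from 192.0.2.57: icmp_seq=2 ttl=64 time=0.39 ms
[1051810203.100000] 64 bytes from 192.0.2.57: icmp_seq=3 ttl=64 time=0.40 ms
[1051810207.100000] 64 bytes from 192.0.2.57: icmp_seq=7 ttl=64 time=0.44 ms
[1051810208.100000] 64 bytes from 192.0.2.57: icmp_seq=8 ttl=64 time=0.38 ms
""".splitlines()

# Constructed log of (time the cable was pulled, label written on the port).
SAMPLE_PULLS = [(1051810201.0, "sw1 port 3"),
                (1051810203.6, "sw1 port 4"),
                (1051810209.0, "sw1 port 5")]

if __name__ == "__main__":
    for port, missed in suspects(find_gaps(SAMPLE_PING), SAMPLE_PULLS):
        print(f"{port}: {missed} replies lost while unplugged")
```
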

