Security Basics mailing list archives
RE: rogue IP address
From: "Jose Guevarra" <jose () iquest ucsb edu>
Date: Thu, 1 May 2003 10:19:43 -0700
If you can ping it with a machine on the same subnet/broadcast domain you can check your ARP tables for the IP to MAC mapping. I'm not familiar with Asante switches but, hopefully they can tell what port a certain MAC address is located on. I actually have all my machines register their MAC addresses before I assign an IP. I've written a script that scans class C subnets and the parses the ARP tables for new or un-registerd MAC addresses. I can then trace them back using our HP 4000/8000 switches. HTH * Can someone help me with the details here. - What topology is needed for one machine to see and store another's MAC. Do you need some sort of physical or virtual(VLANS) 'device' that transports ARP packets? How does that fit into Class C subnets and do other subnet types allow for OSI Layer 1 and 2 traffic. Please excuse my ignorance and bad wording in the matter. thanx, -----Original Message----- From: dondon () pacbell net [mailto:dondon () pacbell net] Sent: Wednesday, April 30, 2003 3:40 PM To: security-basics () securityfocus com Subject: rogue IP address Someone on our network assigned an IP address to their own system without my knowledge. Using LANguard network scanner, the best I can tell is that it's a Linux box. The port-to-IP mapping table on our Asante switch doesn't see to work correctly. Any suggestions on tracing down that system that is associated with the IP is appreciated! Andy --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ---------------------------------------------------------------------------- --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
Current thread:
- rogue IP address dondon (May 01)
- Re: rogue IP address Dave (May 02)
- Re: rogue IP address Duston Sickler (May 02)
- Re: rogue IP address Jeff Harris (May 05)
- Re: rogue IP address Jason Burroughs (May 07)
- Re: rogue IP address Duston Sickler (May 02)
- Re: rogue IP address Richard Caley (May 02)
- RE: rogue IP address Burton M. Strauss III (May 02)
- RE: rogue IP address Jose Guevarra (May 02)
- Re: rogue IP address Dave (May 02)
- RE: rogue IP address David Gillett (May 02)
- RE: rogue IP address Anthony (May 05)
- <Possible follow-ups>
- RE: rogue IP address Wilcox, Stephen (May 02)
- Re: rogue IP address Chris Berry (May 02)
- RE: rogue IP address Jose Guevarra (May 02)
- Re: rogue IP address Benjamin A. Okopnik (May 05)
- Re: Rogue IP Address Alaric Darconville (May 02)
- RE: Rogue IP Address Jimmy Sansi (May 05)
- RE: Rogue IP Address Jose Guevarra (May 05)
(Thread continues...)
- Re: rogue IP address Dave (May 02)