RE: rogue IP address

["Jose Guevarra" <jose () iquest ucsb edu>]

  If you can ping it with a machine on the same subnet/broadcast domain you
can check your ARP tables for the IP to MAC mapping.  I'm not familiar with
Asante switches but, hopefully they can tell what port a certain MAC address
is located on.

 I actually have all my machines register their MAC addresses before I
assign an IP. I've written a script that scans class C subnets and the
parses the ARP tables for new or un-registerd MAC addresses. I can then
trace them back using our HP 4000/8000 switches.

HTH

* Can someone help me with the details here.

  - What topology is needed for one machine to see and store another's MAC.
Do you need some sort of physical or virtual(VLANS) 'device' that transports
ARP packets?  How does that fit into Class C subnets and do other subnet
types allow for OSI Layer 1 and 2 traffic.

 Please excuse my ignorance and bad wording in the matter.

thanx,

-----Original Message-----
From: dondon () pacbell net [mailto:dondon () pacbell net] 
Sent: Wednesday, April 30, 2003 3:40 PM
To: security-basics () securityfocus com
Subject: rogue IP address




Someone on our network assigned an IP address to their own system without 
my knowledge.  Using LANguard network scanner, the best I can tell is that 
it's a Linux box.  The port-to-IP mapping table on our Asante switch 
doesn't see to work correctly.

Any suggestions on tracing down that system that is associated with the IP 
is appreciated!

Andy

---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most

recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL
INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 
----------------------------------------------------------------------------


---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------