Security Basics mailing list archives
Re: rogue IP address
From: "Duston Sickler" <dustons () abswebb net>
Date: Fri, 2 May 2003 12:13:01 -0500
Did LANguard give you a MAC address of the offending NIC? If so you can look for the station that way if you have documented them. You could also send an Administrative email out to all users specifying how to locate the MAC address on the OS they run and have them email you back. When you find the MAC you have your user. Good luck, Duston Sickler "There are 10 types of people in the world, those who understand binary and those who don't". ----- Original Message ----- From: "Dave" <david.morris () curvalue nl> To: <security-basics () securityfocus com> Sent: Friday, May 02, 2003 2:48 AM Subject: Re: rogue IP address Hi, I do not know your switch, or your network layout, but generic method which works in most cases is to set up a fast/"large data size" ping to said IP address. Look for the fastest blinking light. I know it is not scientific, and probably offends some people but it does work. (For up to a few hundred ports). - Assumes flat network. - Better to do it at a 'quiet' time, the effect is more noticeable - Assumes that you are aware of your important ports (servers/routers etc.) which normally have high load anyway. - Do NOT do it if network performance is critical, you can overload the best of switches with ICMP. - Maybe there are a few ports which look like possibilities, but at least you have narrowed them down. /Dave On Thursday 01 May 2003 00:40, dondon () pacbell net wrote:
Someone on our network assigned an IP address to their own system without my knowledge. Using LANguard network scanner, the best I can tell is that it's a Linux box. The port-to-IP mapping table on our Asante switch doesn't see to work correctly. Any suggestions on tracing down that system that is associated with the IP is appreciated! Andy --------------------------------------------------------------------------
-
FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies
and
true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics --------------------------------------------------------------------------
-
-
--------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ---------------------------------------------------------------------------- --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
Current thread:
- rogue IP address dondon (May 01)
- Re: rogue IP address Dave (May 02)
- Re: rogue IP address Duston Sickler (May 02)
- Re: rogue IP address Jeff Harris (May 05)
- Re: rogue IP address Jason Burroughs (May 07)
- Re: rogue IP address Duston Sickler (May 02)
- Re: rogue IP address Richard Caley (May 02)
- RE: rogue IP address Burton M. Strauss III (May 02)
- RE: rogue IP address Jose Guevarra (May 02)
- Re: rogue IP address Dave (May 02)
- RE: rogue IP address David Gillett (May 02)
- RE: rogue IP address Anthony (May 05)
- <Possible follow-ups>
- RE: rogue IP address Wilcox, Stephen (May 02)
- Re: rogue IP address Chris Berry (May 02)
(Thread continues...)
- Re: rogue IP address Dave (May 02)