Security Incidents mailing list archives
Re: disinfection tool
From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 6 Aug 2001 14:35:59 -0600 (MDT)
On Mon, 6 Aug 2001, Homer Wilson Smith wrote:
How does one easily track down a mac address through a maze of Cisco 1900 switches to find the port number that has the machine on it, if you know the mac address?
show cam dynamic
Doing it by hand is painful.
Indeed. I've done it, and it is a pain. I never got around to scripting it, but a cobination of show cam dynamic, show port (to determine trunk/interswitch ports) and show cdp neighbor to figure out what the IP is of that switch out that trunking port. Or, since it's Windows that is infected, do a nbtstat -a x.y.z.a, and look at the machine name and logged-in user (if any). Ryan ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- RE: disinfection tool Mark Ng (Aug 06)
- Re: disinfection tool Alfred Huger (Aug 06)
- RE: disinfection tool Ken Pfeil (Aug 06)
- Re: disinfection tool Homer Wilson Smith (Aug 06)
- Re: disinfection tool Ryan Russell (Aug 06)
- RE: disinfection tool Rob McCauley (Aug 06)
- Re: disinfection tool Alfred Huger (Aug 06)