Re: [fw-wiz] How to find hidden host within LAN



desant1@xxxxxx wrote:
In the last week i notice in the iptables logs that a host within
my lan is doing a lot of traffic.
The destination/source address of the
packets and the used port suggest that this host is using peerToPeer
application (emule or similar).
The problem is that i'm not able to
identify this host within my LAN:
I can see his IP address (192.168.x.
y) and i can find his mac address througth ARP, but i can't ping it and
there is no host within my lan with this Mac address.
I can't
traceroute it.
Can someone help me to find this hidden host?

Even if you *could* ping it, how would that help you find it?When you
have a misbehaving node on a network, finding it is always a game of
"Marco Polo" :(

What you could do is set your firewall to block that IP address, and
wait for someone to yell. Sort of a game of "Marco-whack-on-the-head
Polo" :-)

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin
CEO, Mercenary Linux http://mercenarylinux.com/
Itanium. Vista. GPLv3. Complexity at work

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards