Re: [fw-wiz] How to find hidden host within LAN



Is the IP address within a valid range on your network or are we talking
about a foreign IP altogether?

Sounds like someone might have a personal firewall set up on their computer.
You can completely block that host from Internet access in iptables by using
his MAC and IP address. You should find out soon enough who it is when they
call the helpdesk complaining that they have no Internet access.

Depending on your LAN setup you may be able to check the MAC tables on your
switches and narrow down your search from there. You can also see what
manufacturer made the network card (assuming it is not spoofed) here:

http://www.coffer.com/mac_find/


Good luck.

Mark


-----Original Message-----
From: firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx
[mailto:firewall-wizards-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of
desant1@xxxxxx
Sent: Sunday, November 25, 2007 9:42 AM
To: firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
Subject: [fw-wiz] How to find hidden host within LAN

Hi everybody,
I'm using RH ES4 with iptables as gateway/firewall for my LAN.
In the last week I noticed in the iptables logs that a host within my LAN
is doing a lot of traffic.
The destination/source addresses of the packets and the ports used suggest
that this host is using a peer-to-peer application (eMule or similar).
The problem is that I'm not able to identify this host within my LAN:
I can see his IP address (192.168.x.y) and I can find his MAC address
through ARP, but I can't ping it and there is no host within my LAN with
this MAC address.
I can't traceroute it.
Can someone help me to find this hidden host?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
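
Added example, not part of the original thread: the iptables LOG target records the link-layer header in its MAC= field (destination MAC, source MAC, EtherType), so the gateway's own logs give the source MAC behind each LAN IP, and the locally-administered bit shows when a manufacturer lookup would be meaningless. The log lines, addresses, and the choice of the FORWARD chain are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the kernel format written by the iptables LOG target.
SAMPLE_LOG = """\
Nov 25 09:40:01 gw kernel: IN=eth1 OUT=eth0 MAC=00:16:3e:aa:bb:01:00:1b:21:0c:4d:9e:08:00 SRC=192.168.1.77 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=40112 DPT=4662
Nov 25 09:40:02 gw kernel: IN=eth1 OUT=eth0 MAC=00:16:3e:aa:bb:01:00:1b:21:0c:4d:9e:08:00 SRC=192.168.1.77 DST=198.51.100.9 LEN=60 PROTO=UDP SPT=4672 DPT=4672
Nov 25 09:40:03 gw kernel: IN=eth1 OUT=eth0 MAC=00:16:3e:aa:bb:01:02:50:56:11:22:33:08:00 SRC=192.168.1.90 DST=203.0.113.5 LEN=52 PROTO=TCP SPT=51000 DPT=80
"""

# MAC= holds 14 octets: 6 destination MAC, 6 source MAC, 2 EtherType.
LINE_RE = re.compile(
    r"\bIN=(\S+) .*?\bMAC=((?:[0-9a-f]{2}:){13}[0-9a-f]{2}) SRC=(\d+\.\d+\.\d+\.\d+)",
    re.I,
)


def source_macs(log_text):
    """Map each SRC IP to {source MAC: packet count} taken from LOG lines."""
    seen = defaultdict(lambda: defaultdict(int))
    for m in LINE_RE.finditer(log_text):
        octets = m.group(2).lower().split(":")
        src_mac = ":".join(octets[6:12])  # skip the 6 destination octets
        seen[m.group(3)][src_mac] += 1
    return {ip: dict(macs) for ip, macs in seen.items()}


def describe_mac(mac):
    """Return the OUI prefix and whether the locally-administered bit is set.

    A set bit (0x02 in the first octet) means the address was assigned in
    software, so a vendor lookup on the OUI says nothing about the hardware.
    """
    first_octet = int(mac[:2], 16)
    return {"oui": mac[:8], "locally_administered": bool(first_octet & 0x02)}


def block_rule(ip, mac):
    """Build a rule matching both IP and MAC (FORWARD chain is an assumption)."""
    return f"iptables -I FORWARD -s {ip} -m mac --mac-source {mac} -j DROP"


if __name__ == "__main__":
    for ip, macs in source_macs(SAMPLE_LOG).items():
        for mac, count in macs.items():
            print(ip, mac, count, describe_mac(mac), block_rule(ip, mac))
```

An IP that shows up with more than one source MAC, or a MAC with the locally-administered bit set, is a cue to go straight to the switch MAC tables instead of the vendor lookup.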

