Re: [fw-wiz] How to find hidden host within LAN

"desant1@xxxxxx" <desant1@xxxxxx> wrote:
The problem is that i'm not able to
identify this host within my LAN:
I can see his IP address (192.168.x.
y) and i can find his mac address througth ARP, but i can't ping it and
there is no host within my lan with this Mac address.
I can't
traceroute it.
Can someone help me to find this hidden host?

Have you tried traceroute'ing with "-I"? (Use ICMP echo instead of UDP
datagrams.) Tho you said it doesn't ping, so that'll probably not help

You can try nmap'ing it (with -P0, since it doesn't ping) to try to
find out what it is via fingerprinting (with -O).

You could examine your network switches and the like to find out what
port the offending MAC address is seen on.

If all else fails: Simply block it at the firewall. If I see something
misbehaving on my network, and I regard it as a non-threat, I'll simply
take away its connectivity. That usually results in the offending
owner/operator coming to complain to me ;).

Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <>.
firewall-wizards mailing list