Re: [fw-wiz] How to find hidden host within LAN




"desant1@xxxxxx" <desant1@xxxxxx> wrote:
[snip]
The problem is that i'm not able to
identify this host within my LAN:
I can see his IP address (192.168.x.
y) and i can find his mac address througth ARP, but i can't ping it and
there is no host within my lan with this Mac address.
I can't
traceroute it.
Can someone help me to find this hidden host?

Have you tried traceroute'ing with "-I"? (Use ICMP echo instead of UDP
datagrams.) Tho you said it doesn't ping, so that'll probably not help
you.

You can try nmap'ing it (with -P0, since it doesn't ping) to try to
find out what it is via fingerprinting (with -O).

You could examine your network switches and the like to find out what
port the offending MAC address is seen on.

If all else fails: Simply block it at the firewall. If I see something
misbehaving on my network, and I regard it as a non-threat, I'll simply
take away its connectivity. That usually results in the offending
owner/operator coming to complain to me ;).

Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/contact/scform.php>.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards