RE: Tracing physical machines on DHCP networks

From: Tim Donahue (TDonahue@haynesconstruction.com)
Date: 07/15/02


From: Tim Donahue <TDonahue@haynesconstruction.com>
To: 'Blaxes' <blaxes@hotpop.com>, security-basics@security-focus.com
Date: Mon, 15 Jul 2002 12:32:26 -0400

Try the command

nbtstat -A xxx.xxx.xxx.xxx

From an 2000 box I get back the name of the computer. That might help you
trace the machine that is giving you a problem.

Tim Donahue

-----Original Message-----
From: Blaxes [mailto:blaxes@hotpop.com]
Sent: Sunday, July 14, 2002 9:44 AM
To: security-basics@security-focus.com
Subject: FW: Tracing physical machines on DHCP networks

Hi,

I noticed from my firewall logs that there is a particular machine on my
network generating a very huge amt of suspicious traffic. Having only the ip
address, I would like to track down the physical machine in my organization.

There are numerous machines on the network, and running on DHCP, I am having
a huge problem getting the mac address and the physical location of the
machine. To complicate the matter, there are some users sharing machines and
a user only requires authenticating via the firewall (LDAP) to access the
network.

Is there any ip management software that logs dhcp assignments to user
logon on at the firewall with time and date stamps ?

Thanks.



Relevant Pages

  • Re: FW: Tracing physical machines on DHCP networks
    ... I noticed from my firewall logs that there is a particular machine on my ... There are numerous machines on the network, and running on DHCP, I am ... Is there any ip management software that logs dhcp assignments to user ...
    (Security-Basics)
  • FW: Tracing physical machines on DHCP networks
    ... I noticed from my firewall logs that there is a particular machine on my ... There are numerous machines on the network, and running on DHCP, I am ... Is there any ip management software that logs dhcp assignments to user ...
    (Security-Basics)
  • RE: can ping but not browse
    ... I have stopped the firewall. ... # are safed from all (security) hazards. ... firewall/bastion host to the internet ... # internet and to an internal network, ...
    (Fedora)
  • Re: Turn off all sharing and network discovery
    ... which is basically Windows XP running as a virtual ... It does need its own AV and firewall. ... unnecessary network resource sharing and resource discovery. ...
    (microsoft.public.windowsxp.general)
  • Re: Turn off all sharing and network discovery
    ... which is basically Windows XP running as a virtual ... It does need its own AV and firewall. ... unnecessary network resource sharing and resource discovery. ...
    (microsoft.public.windowsxp.general)