Re: rogue IP address

From: Dave (david.morris_at_curvalue.nl)
Date: 05/02/03

  • Next message: Mark G. Spencer: "GUI's for Win32 Snort?"
    To: security-basics@securityfocus.com
    Date: Fri, 2 May 2003 09:48:54 +0200
    
    

    Hi,
        I do not know your switch, or your network layout, but generic method
    which works in most cases is to set up a fast/"large data size" ping to said
    IP address.

    Look for the fastest blinking light.

    I know it is not scientific, and probably offends some people but it does
    work. (For up to a few hundred ports).

    - Assumes flat network.
    - Better to do it at a 'quiet' time, the effect is more noticeable
    - Assumes that you are aware of your important ports (servers/routers etc.)
    which normally have high load anyway.
    - Do NOT do it if network performance is critical, you can overload the best
    of switches with ICMP.
    - Maybe there are a few ports which look like possibilities, but at least you
    have narrowed them down.

    /Dave

    On Thursday 01 May 2003 00:40, dondon@pacbell.net wrote:
    > Someone on our network assigned an IP address to their own system without
    > my knowledge. Using LANguard network scanner, the best I can tell is that
    > it's a Linux box. The port-to-IP mapping table on our Asante switch
    > doesn't see to work correctly.
    >
    > Any suggestions on tracing down that system that is associated with the IP
    > is appreciated!
    >
    > Andy
    >
    > ---------------------------------------------------------------------------
    > FastTrain has your solution for a great CISSP Boot Camp. The industry's
    > most recognized corporate security certification track, provides a
    > comprehensive prospectus based upon the core principle concepts of
    > security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and
    > true hands-on utilization of pertinent security tools. For a limited time
    > you can enter for a chance to win one of the latest technological
    > innovations, the SEGWAY HT. Log onto
    > http://www.securityfocus.com/FastTrain-security-basics
    > ---------------------------------------------------------------------------
    >-

    ---------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry's most
    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
    of pertinent security tools. For a limited time you can enter for a chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-security-basics
    ----------------------------------------------------------------------------


  • Next message: Mark G. Spencer: "GUI's for Win32 Snort?"