Re: rogue IP address
From: Dave (david.morris_at_curvalue.nl)
Date: 05/02/03
- Previous message: Mark Maher: "Re: Xupiter"
- In reply to: dondon_at_pacbell.net: "rogue IP address"
- Next in thread: Duston Sickler: "Re: rogue IP address"
- Reply: Duston Sickler: "Re: rogue IP address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Fri, 2 May 2003 09:48:54 +0200
Hi,
I do not know your switch, or your network layout, but generic method
which works in most cases is to set up a fast/"large data size" ping to said
IP address.
Look for the fastest blinking light.
I know it is not scientific, and probably offends some people but it does
work. (For up to a few hundred ports).
- Assumes flat network.
- Better to do it at a 'quiet' time, the effect is more noticeable
- Assumes that you are aware of your important ports (servers/routers etc.)
which normally have high load anyway.
- Do NOT do it if network performance is critical, you can overload the best
of switches with ICMP.
- Maybe there are a few ports which look like possibilities, but at least you
have narrowed them down.
/Dave
On Thursday 01 May 2003 00:40, dondon@pacbell.net wrote:
> Someone on our network assigned an IP address to their own system without
> my knowledge. Using LANguard network scanner, the best I can tell is that
> it's a Linux box. The port-to-IP mapping table on our Asante switch
> doesn't see to work correctly.
>
> Any suggestions on tracing down that system that is associated with the IP
> is appreciated!
>
> Andy
>
> ---------------------------------------------------------------------------
> FastTrain has your solution for a great CISSP Boot Camp. The industry's
> most recognized corporate security certification track, provides a
> comprehensive prospectus based upon the core principle concepts of
> security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and
> true hands-on utilization of pertinent security tools. For a limited time
> you can enter for a chance to win one of the latest technological
> innovations, the SEGWAY HT. Log onto
> http://www.securityfocus.com/FastTrain-security-basics
> ---------------------------------------------------------------------------
>-
---------------------------------------------------------------------------
FastTrain has your solution for a great CISSP Boot Camp. The industry's most
recognized corporate security certification track, provides a comprehensive
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
of pertinent security tools. For a limited time you can enter for a chance
to win one of the latest technological innovations, the SEGWAY HT.
Log onto http://www.securityfocus.com/FastTrain-security-basics
----------------------------------------------------------------------------
- Previous message: Mark Maher: "Re: Xupiter"
- In reply to: dondon_at_pacbell.net: "rogue IP address"
- Next in thread: Duston Sickler: "Re: rogue IP address"
- Reply: Duston Sickler: "Re: rogue IP address"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
