Re: rogue IP address

From: Dave (david.morris_at_curvalue.nl)
Date: 05/02/03

  • Next message: Mark G. Spencer: "GUI's for Win32 Snort?"
    To: security-basics@securityfocus.com
    Date: Fri, 2 May 2003 09:48:54 +0200
    
    

    Hi,
        I do not know your switch, or your network layout, but generic method
    which works in most cases is to set up a fast/"large data size" ping to said
    IP address.

    Look for the fastest blinking light.

    I know it is not scientific, and probably offends some people but it does
    work. (For up to a few hundred ports).

    - Assumes flat network.
    - Better to do it at a 'quiet' time, the effect is more noticeable
    - Assumes that you are aware of your important ports (servers/routers etc.)
    which normally have high load anyway.
    - Do NOT do it if network performance is critical, you can overload the best
    of switches with ICMP.
    - Maybe there are a few ports which look like possibilities, but at least you
    have narrowed them down.

    /Dave

    On Thursday 01 May 2003 00:40, dondon@pacbell.net wrote:
    > Someone on our network assigned an IP address to their own system without
    > my knowledge. Using LANguard network scanner, the best I can tell is that
    > it's a Linux box. The port-to-IP mapping table on our Asante switch
    > doesn't see to work correctly.
    >
    > Any suggestions on tracing down that system that is associated with the IP
    > is appreciated!
    >
    > Andy
    >
    > ---------------------------------------------------------------------------
    > FastTrain has your solution for a great CISSP Boot Camp. The industry's
    > most recognized corporate security certification track, provides a
    > comprehensive prospectus based upon the core principle concepts of
    > security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and
    > true hands-on utilization of pertinent security tools. For a limited time
    > you can enter for a chance to win one of the latest technological
    > innovations, the SEGWAY HT. Log onto
    > http://www.securityfocus.com/FastTrain-security-basics
    > ---------------------------------------------------------------------------
    >-

    ---------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry's most
    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization
    of pertinent security tools. For a limited time you can enter for a chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-security-basics
    ----------------------------------------------------------------------------


  • Next message: Mark G. Spencer: "GUI's for Win32 Snort?"

    Relevant Pages

    • SecurityFocus Microsoft Newsletter #50
      ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
      (Focus-Microsoft)
    • RE: Rogue IP Address
      ... capability that you paid for when buying the switch, ... someone will holler about his network not working. ... prospectus based upon the core principle concepts of security. ... This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization ...
      (Security-Basics)
    • Re: << SBS News of the week - Sept 26 >>
      ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
      (microsoft.public.backoffice.smallbiz2000)
    • << SBS News of the week - Sept 26 >>
      ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
      (microsoft.public.windows.server.sbs)
    • Re: << SBS News of the week - Sept 26 >>
      ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
      (microsoft.public.windows.server.sbs)