Re: rogue IP address
From: Richard Caley (rjc_at_caley.org.uk)
Date: 05/01/03
- Previous message: Mark G. Spencer: "GUI's for Win32 Snort?"
- In reply to: dondon_at_pacbell.net: "rogue IP address"
- Next in thread: Burton M. Strauss III: "RE: rogue IP address"
To: <dondon@pacbell.net>
Date: 01 May 2003 18:30:05 +0100
In article <20030430224002.18480.qmail@www.securityfocus.com>, dondon (d) writes:
d> Any suggestions on tracing down that system that is associated with the IP
d> is appreciated!
Well, to be old fashioned, start a ping, then pull and replace plugs
until you spot the one which causes the ping to miss a beat. You
should be able to walk down a tree of hubs/switches like that in less
time than working out a smarter plan.

Great big signs at all staff toilets threatening mayhem to whoever it
is if they don't own up within the week.

If it's a fairly out-of-the-box Linux installation it may be running
sendmail, which may give you a way to contact the person responsible
if they read mail sent to root.

Perhaps you can block that IP at some firewall or router, then wait to
see who calls support to say their network connection has died.

If you can sniff packets, perhaps you can spot what they are doing, if
so that may give a clue who they are, or at least a clue as to
services they are using. From there you could, for instance, tell a
file server they are using to reject connections from that IP and
again wait for them to complain.

The fun story-to-tell-in-the-pub way would be to find out what sort of
Linux it is, find a recent security report and crack the
machine. Probably not worth the effort, but nice to think about when
pulling plugs and planning the mayhem to apply when you find them.
--
Mail me as MYFIRSTNAME@MYLASTNAME.org.uk _O_
|<
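
Added example, not part of the original message: a way to make the ping-and-pull-plugs walk described above auditable, by matching missed replies in timestamped ping output against your own notes of when each plug was pulled. It assumes the output of `ping -D` from Linux iputils; the address 192.0.2.77, the port labels and all sample data are constructed.

```python
import re

# Constructed sample: output of `ping -D 192.0.2.77` (placeholder address).
PING_OUTPUT = """\
[1051810200.10] 64 bytes from 192.0.2.77: icmp_seq=1 ttl=64 time=0.41 ms
[1051810201.10] 64 bytes from 192.0.2.77: icmp_seq=2 ttl=64 time=0.39 ms
[1051810202.10] 64 bytes from 192.0.2.77: icmp_seq=3 ttl=64 time=0.40 ms
[1051810206.10] 64 bytes from 192.0.2.77: icmp_seq=7 ttl=64 time=0.45 ms
[1051810207.10] 64 bytes from 192.0.2.77: icmp_seq=8 ttl=64 time=0.38 ms
"""

# Constructed notes taken while walking the switches: (epoch time, port pulled).
PULLS = [(1051810195.0, "sw1/port3"), (1051810203.0, "sw1/port4")]

LINE = re.compile(r"^\[(\d+(?:\.\d+)?)\].*\bicmp_seq=(\d+)\b")

def parse_replies(text):
    """Return sorted (seq, timestamp) pairs for every reply line."""
    replies = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            replies.append((int(m.group(2)), float(m.group(1))))
    return sorted(replies)

def find_gaps(replies):
    """Return (first_missing, last_missing, last_ok_time, next_ok_time) per gap."""
    gaps = []
    for (s1, t1), (s2, t2) in zip(replies, replies[1:]):
        if s2 - s1 > 1:  # at least one sequence number never came back
            gaps.append((s1 + 1, s2 - 1, t1, t2))
    return gaps

def blame(gaps, pulls):
    """Return ports whose pull time falls inside a window of missed replies."""
    hits = []
    for first, last, t_ok, t_back in gaps:
        for when, port in pulls:
            if t_ok <= when <= t_back:
                hits.append((port, first, last))
    return hits

if __name__ == "__main__":
    for port, first, last in blame(find_gaps(parse_replies(PING_OUTPUT)), PULLS):
        print(f"{port}: replies {first}-{last} missed while unplugged")
```

A pull that produces no gap (sw1/port3 in the sample) rules that branch out, so the search can move to the next hub or switch in the tree.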