RE: rogue IP address

From: Jose Guevarra (jose_at_iquest.ucsb.edu)
Date: 05/01/03

    To: <dondon@pacbell.net>, <security-basics@securityfocus.com>
    Date: Thu, 1 May 2003 10:19:43 -0700
    
    

      If you can ping it with a machine on the same subnet/broadcast domain, you
    can check your ARP tables for the IP-to-MAC mapping. I'm not familiar with
    Asante switches, but hopefully they can tell what port a certain MAC address
    is located on.

     I actually have all my machines register their MAC addresses before I
    assign an IP. I've written a script that scans class C subnets and then
    parses the ARP tables for new or unregistered MAC addresses. I can then
    trace them back using our HP 4000/8000 switches.

    HTH

    * Can someone help me with the details here?

      - What topology is needed for one machine to see and store another's MAC?
    Do you need some sort of physical or virtual (VLANs) 'device' that transports
    ARP packets? How does that fit into Class C subnets, and do other subnet
    types allow for OSI Layer 1 and 2 traffic?

     Please excuse my ignorance and bad wording in the matter.

    thanx,

    -----Original Message-----
    From: dondon@pacbell.net [mailto:dondon@pacbell.net]
    Sent: Wednesday, April 30, 2003 3:40 PM
    To: security-basics@securityfocus.com
    Subject: rogue IP address

    Someone on our network assigned an IP address to their own system without
    my knowledge. Using LANguard network scanner, the best I can tell is that
    it's a Linux box. The port-to-IP mapping table on our Asante switch
    doesn't seem to work correctly.

    Any suggestions on tracing down that system that is associated with the IP
    is appreciated!

    Andy

    ---------------------------------------------------------------------------
    FastTrain has your solution for a great CISSP Boot Camp. The industry's most
    recognized corporate security certification track, provides a comprehensive
    prospectus based upon the core principle concepts of security. This ALL
    INCLUSIVE curriculum utilizes lectures, case studies and true hands-on
    utilization of pertinent security tools. For a limited time you can enter
    for a chance
    to win one of the latest technological innovations, the SEGWAY HT.
    Log onto http://www.securityfocus.com/FastTrain-security-basics
    ----------------------------------------------------------------------------
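
Added example (not part of the original post, and not the poster's script): one way to do the ARP-table check the reply describes, comparing `arp -an` output against a list of registered MAC addresses. It assumes the subnet has already been pinged so the ARP cache is populated; the sample ARP output, the registry and all function names are constructed for illustration.

```python
import re

# Linux/BSD `arp -an` line: "? (10.0.0.5) at 00:11:22:33:44:55 [ether] on eth0"
ARP_LINE = re.compile(r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+(?P<mac>\S+)")
MAC = re.compile(r"^[0-9a-f]{1,2}([:-][0-9a-f]{1,2}){5}$", re.I)

def normalize_mac(mac):
    """Lower-case, colon-separated, zero-padded (BSD prints octets like 0:a:b)."""
    return ":".join(part.zfill(2) for part in re.split(r"[:-]", mac.lower()))

def parse_arp(text):
    """Return {ip: mac} for resolved entries; '<incomplete>' (no reply) is skipped."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m and MAC.match(m.group("mac")):
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table

def audit(arp_table, registry):
    """registry maps registered MAC -> assigned IP. Returns sorted (kind, ip, mac)."""
    registry = {normalize_mac(mac): ip for mac, ip in registry.items()}
    findings = []
    for ip, mac in arp_table.items():
        if mac not in registry:
            findings.append(("unregistered-mac", ip, mac))  # never registered
        elif registry[mac] != ip:
            findings.append(("ip-mismatch", ip, mac))       # known host, self-assigned IP
    return sorted(findings)

# Constructed sample data: addresses and MACs are made up for this example.
SAMPLE_ARP = """\
? (192.168.10.1) at 00:30:c1:aa:bb:01 [ether] on eth0
? (192.168.10.23) at 0:10:5a:3:4:ef [ether] on eth0
? (192.168.10.77) at 00:e0:4c:12:34:56 [ether] on eth0
? (192.168.10.90) at <incomplete> on eth0
? (192.168.10.140) at 00:A0:C9:11:22:33 [ether] on eth0
"""
SAMPLE_REGISTRY = {
    "00:30:C1:AA:BB:01": "192.168.10.1",
    "00:10:5A:03:04:EF": "192.168.10.23",
    "00:a0:c9:11:22:33": "192.168.10.40",
}

if __name__ == "__main__":
    for kind, ip, mac in audit(parse_arp(SAMPLE_ARP), SAMPLE_REGISTRY):
        print(f"{kind:17} {ip:15} {mac}")
```

Each flagged MAC can then be looked up in the switch's MAC address table to find the port it sits on, as the reply suggests.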

