RE: Identifying a computer
From: David Gillett (gillettdavid_at_fhda.edu)
Date: 12/03/03
To: "'Cheetah'" <cheetahx@online.no>, <security-basics@securityfocus.com>
Date: Wed, 3 Dec 2003 13:36:28 -0800

If you can capture any of the packets with a sniffer, you should
be able to find the source MAC address. In the usual case, the
network switch(es) should be able to tell you which switch port
that address originates on.

Unless the MAC address is being spoofed, the prefix (first three
of the six bytes) will be one assigned to the manufacturer of the
network interface device or NIC. That can provide a pretty strong
clue as to what sort of device you're looking for: PC, Mac, SUN,
LinkSys router, etc.

If your network isn't switched, this isn't going to help much.

If there's wireless in the network (and if there are lots of users,
one of them might have added an access point without bothering to
tell the sysadmin!), the device might be out in the parking lot.

If the address isn't leased via DHCP, you might just block it at
your firewall or border router and see who complains.

David Gillett

> -----Original Message-----
> From: Cheetah [mailto:cheetahx@online.no]
> Sent: December 3, 2003 07:38
> To: security-basics@securityfocus.com
> Subject: Identifying a computer
>
>
> Hello.
>
> I am helping the sysadmin on my local LAN to manage the network, etc.
> We have limited internet-bandwidth, and therefore it is necessary to make
> sure no-one is taking too much of the bandwidth, as others will not be
> able to use the internet connection.
>
> For the last 2 days, a new IP has appeared, and it is constantly using a lot
> of bandwidth.
> We have a linux-server running DHCP, DNS and the internet-connection. I have
> checked the dhcpd.leases file, but the IP isn't there. I have also tried
> to ping and scan this IP, but the computer is running a strong firewall,
> shows no open ports and doesn't even respond to pings.
>
> Is there any way I can get some information out of this computer without
> running around and asking everyone what their IP is?
>
> Tore
----------------------------------------------------------------------------
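
As an added example (not part of the original message or thread), the approach described in the reply can be sketched in Python: confirm the IP has no entry in dhcpd.leases, pull the source MAC out of captured Ethernet/IPv4 frames for that IP, and read the three-byte manufacturer prefix. The frames, lease text, addresses and the two-entry prefix table are constructed sample data, and all function names are hypothetical; a real lookup would use the full IEEE OUI registry.

```python
import re
import socket
import struct

# Hand-typed sample of OUI prefixes (assumption: load the IEEE registry in practice).
SAMPLE_OUI = {"08:00:20": "Sun Microsystems", "00:00:0C": "Cisco Systems"}

def leased_ips(leases_text):
    """Return the IPs that have a 'lease <ip> {' entry in ISC dhcpd.leases text."""
    return set(re.findall(r"^lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{", leases_text, re.M))

def source_macs_for_ip(frames, ip):
    """Collect source MACs of Ethernet II / IPv4 frames whose IP source is `ip`."""
    want = socket.inet_aton(ip)
    macs = set()
    for frame in frames:
        if len(frame) < 34:            # 14-byte Ethernet + 20-byte minimum IPv4 header
            continue
        ethertype, = struct.unpack("!H", frame[12:14])
        if ethertype != 0x0800:        # not IPv4 (VLAN-tagged frames are skipped here)
            continue
        if frame[26:30] == want:       # IPv4 source address sits at offset 14 + 12
            macs.add(frame[6:12])
    return macs

def describe_mac(mac, oui_table=SAMPLE_OUI):
    """Return (MAC text, 3-byte prefix, vendor or None, locally_administered flag)."""
    text = ":".join(f"{b:02X}" for b in mac)
    prefix = text[:8]
    local = bool(mac[0] & 0x02)        # bit set: prefix is not a manufacturer assignment
    vendor = None if local else oui_table.get(prefix)
    return text, prefix, vendor, local

def build_frame(src_mac, src_ip, dst_ip="192.0.2.1"):
    """Construct a minimal Ethernet II + IPv4 frame for the demo (checksum left zero)."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip

# Constructed sample data: a leased host, an unleased vendor NIC, an unleased local MAC.
LEASES = "lease 192.168.1.10 {\n  hardware ethernet 00:00:0c:11:22:33;\n}\n"
FRAMES = [build_frame("08:00:20:aa:bb:cc", "192.168.1.77"),
          build_frame("00:00:0c:11:22:33", "192.168.1.10"),
          build_frame("02:11:22:33:44:55", "192.168.1.78")]

if __name__ == "__main__":
    for ip in ("192.168.1.77", "192.168.1.78"):
        state = "leased" if ip in leased_ips(LEASES) else "no lease"
        for mac in source_macs_for_ip(FRAMES, ip):
            print(ip, state, describe_mac(mac))
```

A MAC with the locally administered bit set carries no manufacturer prefix, so the vendor clue does not apply to it; the switch's address table is still the way to find the port.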