Re: Identifying a computer

From: Andy Cuff [Talisker] (talisker_at_securitywizardry.com)
Date: 12/04/03

  • Next message: Steve McAlexander: "Check out xp-antispy"
    To: <security-basics@securityfocus.com>
    Date: Thu, 4 Dec 2003 07:59:49 -0000
    
    

    Hi,
    I've seen you've had loads of replies with suggestions for identifying the
    rogue host. What you can also do is introduce a packet shaping device to
    limit his bandwidth usage. This is also possible on Cisco routers through a
    QoS feature, the name of which I can't remember. Some network IPS and
    firewalls can prevent certain traffic at certain times of the day, which is a
    useful feature.
    A protocol analyser will identify what he's doing and what ports are
    heavily utilised.

    If you don't want to use a protocol analyser such as Ethereal, try a
    graphical tool like EtherApe, which will show you all connections and, more
    importantly, adjust the pipe size according to the quantity of traffic and
    color according to the port. It's not very refined but it's FREE and I love
    it!
    You'll be surprised about who is talking to who; fire up MSN Messenger and
    watch those pretty patterns going everywhere.

    -andy

    Talisker Security Tools Directory
    http://www.securitywizardry.com
    ----- Original Message -----
    From: "Cheetah" <cheetahx@online.no>
    To: <security-basics@securityfocus.com>
    Sent: Wednesday, December 03, 2003 3:38 PM
    Subject: Identifying a computer

    > Hello.
    >
    > I am helping the sysadmin on my local LAN to manage the network, etc.
    > We have limited internet bandwidth, and therefore it is necessary to make
    > sure no-one is taking too much of the bandwidth, as others will not be
    > able to use the internet connection.
    >
    > For the last 2 days, a new IP has appeared, and it is constantly using a
    > lot of bandwidth.
    > We have a Linux server running DHCP, DNS and the internet connection. I
    > have checked the dhcpd.leases file, but the IP isn't there. I have also
    > tried to ping and scan this IP, but the computer is running a strong
    > firewall, shows no open ports and doesn't even respond to pings.
    >
    > Is there any way I can get some information out of this computer without
    > running around and asking everyone what their IP is?
    >
    > Tore
    >
    >
    >
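
The kind of tally a protocol analyser gives for this situation, as an added example that is not part of the original post or the thread: it reads text lines in the style of `tcpdump -e -n` output and reports, per LAN host, the bytes moved, the Ethernet address seen and the busiest port. The sample lines, the addresses, the `192.168.1.` LAN prefix and the "lower port number is the service" heuristic are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the style of `tcpdump -e -n` output (not real traffic).
# 02:00:00:00:00:01 plays the gateway; 192.168.1. is the assumed LAN prefix.
SAMPLE = """\
07:59:49.000001 02:00:00:00:00:77 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 1514: 192.168.1.77.4662 > 203.0.113.9.33012: Flags [.], length 1448
07:59:49.000002 02:00:00:00:00:01 > 02:00:00:00:00:77, ethertype IPv4 (0x0800), length 66: 203.0.113.9.33012 > 192.168.1.77.4662: Flags [.], length 0
07:59:49.000003 02:00:00:00:00:77 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 1514: 192.168.1.77.4662 > 198.51.100.4.40122: Flags [.], length 1448
07:59:49.000004 02:00:00:00:00:20 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.1.20.51000 > 203.0.113.80.80: Flags [S], length 0
07:59:49.000005 02:00:00:00:00:01 > 02:00:00:00:00:20, ethertype IPv4 (0x0800), length 1514: 203.0.113.80.80 > 192.168.1.20.51000: Flags [.], length 1448
07:59:49.000006 02:00:00:00:00:20 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.20, length 28
"""

LINE = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length (?P<len>\d+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > (?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def summarise(text, lan_prefix="192.168.1."):
    """Per LAN host: total frame bytes, Ethernet addresses seen, bytes per service port."""
    hosts = defaultdict(lambda: {"bytes": 0, "macs": set(), "ports": Counter()})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, ICMP, IPv6 and anything else unparsed is skipped
        size = int(m["len"])
        # Heuristic (assumption): the lower-numbered port is the service port.
        service = min(int(m["sport"]), int(m["dport"]))
        for ip, mac in ((m["src"], m["smac"]), (m["dst"], m["dmac"])):
            if ip.startswith(lan_prefix):
                hosts[ip]["bytes"] += size
                hosts[ip]["macs"].add(mac)
                hosts[ip]["ports"][service] += size
    return hosts

def top_talker(text):
    """Return (ip, bytes, macs, busiest_port) for the heaviest LAN host."""
    hosts = summarise(text)
    ip = max(hosts, key=lambda h: hosts[h]["bytes"])
    info = hosts[ip]
    return ip, info["bytes"], sorted(info["macs"]), info["ports"].most_common(1)[0][0]

if __name__ == "__main__":
    print(top_talker(SAMPLE))
```

Because the capture is passive, the Ethernet address is recorded even for a host that ignores pings and port scans, and it can then be matched against switch or DHCP records.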