Re: Strange logon attempts

In article <1150373906.722377.114680@xxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Ludovic Joly <lgr_joly@xxxxxxxxx> wrote:

Please quote context. Please see here for information on how to
do so from Google Groups: http://cfaj.freeshell.org/google/

You can also:
- sniff the packets from this machine to get extra info such as its MAC
address,

But the OP doesn't know where the machine -is-. If the OP is using
switches, they would have to at least track down which switch the
problem machine was directly attached to in order to do the
sniffing. And that's provided that the switches are managed switches
that provide packet copying services: if the switches are unmanaged,
you'd need to swap in a hub in order to do the sniffing.
.

Relevant Pages

  • RE: A Solution for sniffing
    ... Nowadays most people who sniff, sniff using tools that poison your ... arp-cache, in your switches. ... This makes the machine sniffing you the machine in the middle, ... your connection on a sniffer attempt, and that would be all you could do! ...
    (Security-Basics)
  • Re: Port trunking / link aggregation problem
    ... A port trunk always sends packets from a particular source ... A single link is designated for flooding broadcasts and packets ... As a result typical switches allow you to do load balancing based ...
    (comp.dcom.lans.ethernet)
  • Re: Detecting a swtich
    ... Some switches, such as Cisco switches, may send out proprietary ... packets such as CDP packets. ... CDP packets and the IP embedded in the CDP matches the device ... You can always try sending SNMP or RMON packets with a community ...
    (comp.security.firewalls)
  • Re: How to findout which a device (switch/hub/Router) is based on bridge implementtaion?
    ... - hubs are not able to mix speeds, so if there are a mix of 10 and 100 ... remote switches; switches are not supposed to pass on BPDU from ... hubs will transparently pass on "overlength" packets ...
    (comp.dcom.lans.ethernet)
  • Re: IP Options - alert packets?
    ... We use Cisco 2950 switches as our floor switches ... the IP Options field that I expected to be zero. ... Which probably means all of the router alert packets get process ...
    (comp.dcom.sys.cisco)