Security Basics mailing list archives
RE: Identifying a computer
From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 3 Dec 2003 16:40:39 -0800
Block the IP at the router/firewall and see who complains? Did you snif the traffic and see what they were transmitting, that could also give you insight to who/what the system is. Another way is to get the MAC address of the system and compare it to the vendors list http://standards.ieee.org/regauth/oui/oui.txt. Say you know you have Netgear on your network, a 00-09-5B prefix, and your offender has a 00-00-0C prefix. Just find that hardware, Cisco. Shawn Jackson Systems Administrator Horizon USA 1190 Trademark Dr #107 Reno NV 89521 www.horizonusa.com Email: sjackson () horizonusa com Phone: (775) 858-2338 (800) 325-1199 x338 -----Original Message----- From: Cheetah [mailto:cheetahx () online no] Sent: Wednesday, December 03, 2003 7:38 AM To: security-basics () securityfocus com Subject: Identifying a computer Hello. I am helping the sysadmin on my local LAN to manage the network, etc. We have limited internet-bandwidth, and therefore it is necessary to make sure no-one is taking to much of the bandwidth, as others will not be able to use the internet connection. For the last 2 days, a new IP has appeared, and it is constantly using a lot of bandwidth. We have a linux-server running DHCP, DNS and the internet-connection. I have checked the dhcpd.leases file, but the IP isn't there. I have also tried to ping and scan this IP, but the computer is running a strong firewall, shows no open ports and doesn't even respond to pings. Is there any way I can get some information out of this computer without running around and asking everyone what their IP is? Tore ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: Identifying a computer Mike (Dec 03)
- Re: Identifying a computer Paul Kurczaba (Dec 04)
- <Possible follow-ups>
- RE: Identifying a computer McGill, Lachlan (Dec 04)
- Re: Identifying a computer Jimi Thompson (Dec 08)
- FW: Identifying a computer Alex Pimperton (Dec 04)
- RE: Identifying a computer Batkin, Seva (Dec 04)
- RE: Identifying a computer Shawn Jackson (Dec 04)
- Re: Identifying a computer gregh (Dec 04)
- RE: Identifying a computer JAVIER OTERO (Dec 04)
- RE: Identifying a computer Dean Davis (Dec 08)