Security Basics mailing list archives

RE: Identifying a computer


From: "Shawn Jackson" <sjackson () horizonusa com>
Date: Wed, 3 Dec 2003 16:40:39 -0800


Block the IP at the router/firewall and see who complains? Did
you sniff the traffic and see what they were transmitting? That could
also give you insight into who/what the system is. Another way is to get
the MAC address of the system and compare it to the vendor list at
http://standards.ieee.org/regauth/oui/oui.txt. Say you know you have
Netgear on your network, a 00-09-5B prefix, and your offender has a
00-00-0C prefix. Just find that hardware, Cisco.

Shawn Jackson
Systems Administrator
Horizon USA
1190 Trademark Dr #107
Reno NV 89521
www.horizonusa.com
 
Email: sjackson () horizonusa com
Phone: (775) 858-2338
       (800) 325-1199 x338

-----Original Message-----
From: Cheetah [mailto:cheetahx () online no] 
Sent: Wednesday, December 03, 2003 7:38 AM
To: security-basics () securityfocus com
Subject: Identifying a computer

Hello.

I am helping the sysadmin on my local LAN to manage the network, etc.
We have limited internet bandwidth, and therefore it is necessary to make
sure no-one is taking too much of the bandwidth, as others will not be
able to use the internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using a
lot of bandwidth.
We have a Linux server running DHCP, DNS and the internet connection. I
have checked the dhcpd.leases file, but the IP isn't there. I have also
tried to ping and scan this IP, but the computer is running a strong
firewall, shows no open ports and doesn't even respond to pings.

Is there any way I can get some information out of this computer without
running around and asking everyone what their IP is?

Tore
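
The OUI comparison suggested in the reply above, as an added example that is not code from the thread. It assumes the Linux gateway's `/proc/net/arp` is readable, uses a constructed `oui.txt` excerpt and made-up addresses, and treats Netgear as the expected inventory; it also flags locally administered MACs, for which an OUI lookup says nothing.

```python
import re

# Constructed excerpt in the oui.txt "(hex)" line format; prefixes are the two named in the reply.
OUI_TXT = """\
00-00-0C   (hex)\t\tCisco Systems, Inc
00-09-5B   (hex)\t\tNetgear
"""

# Constructed /proc/net/arp contents from the Linux gateway (all addresses are made up).
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.10     0x1         0x2         00:09:5b:12:34:56     *        eth0
192.168.0.77     0x1         0x2         00:00:0c:ab:cd:ef     *        eth0
192.168.0.90     0x1         0x0         00:00:00:00:00:00     *        eth0
192.168.0.91     0x1         0x2         02:11:22:33:44:55     *        eth0
"""

OUI_LINE = re.compile(r"^[ \t]*((?:[0-9A-F]{2}-){2}[0-9A-F]{2})[ \t]+\(hex\)[ \t]+(.+?)[ \t]*$", re.I | re.M)

def parse_oui(text):
    """Map 'XXXXXX' prefix -> vendor from oui.txt '(hex)' lines."""
    return {m.group(1).replace("-", "").upper(): m.group(2) for m in OUI_LINE.finditer(text)}

def parse_arp(text):
    """Map IP -> MAC, skipping the header and incomplete entries (completed flag 0x2 not set)."""
    entries = {}
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) >= 4 and int(f[2], 16) & 0x2:
            entries[f[0]] = f[3].lower()
    return entries

def vendor_of(mac, oui):
    # Bit 0x02 of the first octet marks a locally administered (software-set) address.
    octets = mac.split(":")
    if int(octets[0], 16) & 0x02:
        return "locally administered (no OUI)"
    return oui.get("".join(octets[:3]).upper(), "unknown")

def unexpected_hosts(arp, oui, expected_vendors):
    """Return {ip: (mac, vendor)} for hosts whose vendor is not in the site's inventory."""
    found = {ip: (mac, vendor_of(mac, oui)) for ip, mac in arp.items()}
    return {ip: mv for ip, mv in found.items() if mv[1] not in expected_vendors}

if __name__ == "__main__":
    hits = unexpected_hosts(parse_arp(ARP_TABLE), parse_oui(OUI_TXT), {"Netgear"})
    for ip, (mac, vendor) in sorted(hits.items()):
        print(ip, mac, vendor)
```

A host that drops pings and port scans still has to answer ARP for the gateway to deliver its traffic, which is why the gateway's ARP table is a usable source here.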


