Security Basics mailing list archives

RE: Identifying a computer


From: Dean Davis <Dean.Davis () mbg-inc com>
Date: Mon, 8 Dec 2003 13:39:48 -0500

If it's a Windoze box, try "nbtstat -a ip_address" and see if a useful name
returns. This assumes that the typical Windoze NetBIOS-related ports are
accessible. Otherwise, the prior MAC-suggestion is a solid option.
 

Thanks,
Dean Davis, MCSE,MCDBA,CCNA,CNA,N+,Linux+
Sr. Network Engineer
MBG, Inc.
370 Lexington Avenue
New York, NY 10017
P. 212.822.4429
F. 212.822.4499
http://www.mbg-inc.com



-----Original Message-----
From: Jimi Thompson [mailto:jimit () myrealbox com] 
Sent: Saturday, December 06, 2003 3:29 PM
To: security-basics () securityfocus com
Subject: Re: Identifying a computer


You could try the old standby of turning off their port and waiting to 
see who complains about suddenly not being able to get email/surf/etc.  
In situations where things are labeled sufficiently, I have found this 
tactic to be highly effective, if a bit lo-tech.

HTH,

Jimi



McGill, Lachlan wrote:

You should be able to determine their mac address from your local arp 
table and then check this mac address against the switch's arp table to 
see what switch port it is connected to. From this information, you 
should then be able to trace that port and cable connection to what 
data point they are connected to on the floor.

I hope your network is not too large to achieve this easily. :-)

-----Original Message-----
From: Cheetah [mailto:cheetahx () online no]
Sent: Thursday, 4 December 2003 2:38 AM
To: security-basics () securityfocus com
Subject: Identifying a computer


Hello.

I am helping the sysadmin on my local LAN to manage the network, etc. 
We have limited internet-bandwidth, and therefore it is necessary to 
make sure no-one is taking too much of the bandwidth, as others will not 
be able to use the internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using 
a lot of bandwidth. We have a linux-server running DHCP, DNS and the 
internet-connection. I have checked the dhcpd.leases file, but the IP 
isn't there. I have also tried to ping and scan this IP, but the 
computer is running a strong firewall, shows no open ports and doesn't 
even respond to pings.

Is there any way I can get some information out of this computer 
without running around and asking everyone what their IP is?

Tore
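
Added example, not part of the original thread: the IP-to-MAC-to-switch-port lookup suggested above, run over constructed samples. The `/proc/net/arp` contents, the switch table layout, and every address and port name are assumptions made up for illustration.

```python
import re

# Constructed sample of /proc/net/arp on the Linux gateway (assumption).
PROC_NET_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.10     0x1         0x2         00:11:22:33:44:55     *        eth1
192.168.1.77     0x1         0x2         00:A0:C9:12:34:56     *        eth1
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        eth1
"""

# Constructed dump of a switch's learned-MAC table; column layout is assumed.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
   1    0011.2233.4455    DYNAMIC     Fa0/3
   1    00a0.c912.3456    DYNAMIC     Fa0/17
"""

ATF_COM = 0x2  # kernel ARP flag: entry is complete (a MAC was learned)


def norm_mac(text):
    """Reduce any common MAC notation to 12 lowercase hex digits, else None."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    return digits if len(digits) == 12 else None


def mac_for_ip(arp_text, ip):
    """Return the MAC the gateway learned for ip, or None if absent/incomplete."""
    for line in arp_text.splitlines()[1:]:        # skip the header row
        fields = line.split()
        if len(fields) < 6 or fields[0] != ip:
            continue
        if int(fields[2], 16) & ATF_COM == 0:     # unresolved entry, no MAC yet
            return None
        return norm_mac(fields[3])
    return None


def ports_for_mac(table_text, mac):
    """Return the switch ports on which mac was learned."""
    rows = (line.split() for line in table_text.splitlines())
    return [f[3] for f in rows if len(f) >= 4 and norm_mac(f[1]) == mac]


def locate(ip, arp_text=PROC_NET_ARP, table_text=MAC_TABLE):
    """Chain both lookups: IP -> MAC (gateway) -> port (switch)."""
    mac = mac_for_ip(arp_text, ip)
    return (mac, ports_for_mac(table_text, mac)) if mac else (None, [])
```

A host that drops pings and port scans still has to answer ARP to send traffic through the gateway, so its entry appears in the gateway's table with the complete flag set.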


