Security Basics mailing list archives
Re: Identifying a computer
From: "David Glosser" <david_glosser-at-yahoo.com () securityfocus com>
Date: Thu, 18 Dec 2003 21:25:18 -0500
Since we've been hit with the latest worms too many times from users bringing in their laptop or consultants, we are giving everybody a reserved DHCP address based on their MAC address. Then we will either limit the non-reserved address pool down to a minimum and monitor it, or eliminate it altogether. We may also run arpd and/or null route the rest of the IP addresses which aren't in use on our local segment. (Of course, a smart enough user can always give themselves a static IP address from someone who isn't in the office that day...)

Can you run iptraf or ntop or ngrep, determine their traffic patterns, and block outbound ports and *destination* IP address in addition to source based on MAC?

Does HR have a policy against users utilizing bandwidth for non-work purposes? (You may also wish to let HR know what is going on, and perhaps they can broadcast an email reminding everybody of their acceptable-use policy. That may be enough to scare the user off...)

Good luck, and please let us know how you resolved your problem...
----- Original Message -----
From: "Cheetah" <cheetahx () online no>
To: <security-basics () securityfocus com>
Sent: Wednesday, December 03, 2003 3:38 PM
Subject: Identifying a computer

Hello. I am helping the sysadmin on my local LAN to manage the network, etc. We have limited internet-bandwidth, and therefore it is necessary to make sure no-one is taking too much of the bandwidth, as others will not be able to use the internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using a lot of bandwidth. We have a linux-server running DHCP, DNS and the internet-connection. I have checked the dhcpd.leases file, but the IP isn't there. I have also tried to ping and scan this IP, but the computer is running a strong firewall, shows no open ports and doesn't even respond to pings.

Is there any way I can get some information out of this computer without running around and asking everyone what their IP is?

Tore
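An added example, not part of the original thread: one way to find hosts like the one described above is to compare the Linux gateway's ARP cache (`/proc/net/arp`) against `dhcpd.leases`, since a firewalled host that ignores pings still has to answer ARP to send traffic through the server. It assumes ISC dhcpd lease syntax; the function names and all sample data are constructed for illustration.

```python
import re

# Constructed sample inputs (not data from the thread).
LEASES = """\
lease 192.168.1.50 {
  hardware ethernet 00:0c:29:aa:bb:cc;
  client-hostname "frontdesk";
}
lease 192.168.1.51 {
  hardware ethernet 00:50:56:11:22:33;
  client-hostname "guest-laptop";
}
"""
ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.50     0x1         0x2         00:0c:29:aa:bb:cc     *        eth0
192.168.1.51     0x1         0x2         00:a0:c9:de:ad:01     *        eth0
192.168.1.77     0x1         0x2         00:50:56:11:22:33     *        eth0
192.168.1.99     0x1         0x0         00:00:00:00:00:00     *        eth0
"""

def parse_leases(text):
    """Return {ip: (mac, hostname)} from dhcpd.leases text; later blocks win."""
    leases = {}
    for ip, body in re.findall(r"lease\s+(\S+)\s*\{(.*?)\}", text, re.S):
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]+);", body)
        host = re.search(r'client-hostname\s+"([^"]*)"', body)
        if mac:
            leases[ip] = (mac.group(1).lower(), host.group(1) if host else None)
    return leases

def parse_arp(text):
    """Return [(ip, mac)] for completed entries (flag 0x2) of /proc/net/arp."""
    rows = (line.split() for line in text.splitlines()[1:])
    return [(f[0], f[3].lower()) for f in rows
            if len(f) >= 4 and int(f[2], 16) & 0x2]

def audit(leases_text, arp_text):
    """Flag live IP/MAC pairs that do not match a DHCP lease."""
    leases = parse_leases(leases_text)
    names = {mac: host for mac, host in leases.values()}
    findings = []
    for ip, mac in parse_arp(arp_text):
        if ip in leases and leases[ip][0] == mac:
            continue  # host is using the address it was leased
        kind = "leased-ip-wrong-mac" if ip in leases else "no-lease"
        # names.get(mac): hostname this MAC gave when it last took a lease
        findings.append((ip, mac, kind, names.get(mac)))
    return findings

print(*audit(LEASES, ARP), sep="\n")
```

A "no-lease" finding whose MAC appears in an older lease gives the hostname the machine reported earlier; a "leased-ip-wrong-mac" finding is the borrowed static address case mentioned in the reply.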