Security Basics mailing list archives
RE: How to find a changing IP on ethernet network
From: "patrick" <patrick () curioustechnology com>
Date: Thu, 26 Feb 2004 10:52:00 -0800
I just wanted to comment- if you're concerned about rogue users plugging into your network, DHCP can't be used to provide a security deterrent solution. The point of DHCP is ease of network management- users can plug machines into a network without network admins performing address management. DHCP is not a solution that will keep people from just plugging in. You can't have it both ways.

Here's the way I would approach the problem:

1) get MAC addresses for registered users and port addresses
2) assign an IP address to them manually and have them configure the NIC directly.
3) configure VLANs for specific individuals using MAC/network port combinations.

(NOTE THAT THIS DOESN'T DEFEND AGAINST MAC SPOOFERS!)

This will deter casual troublemakers, but it's not a 'secure' solution. You can also use this solution to verify who's changing IP addresses with a great deal of certainty using the ARP commands that have already been referenced.

This is an example of physical security being a prerequisite for your needs.

-----Original Message-----
From: Bhavani Suresh [mailto:bhavani.suresh () adnoc-dist co ae]
Sent: Wednesday, February 25, 2004 2:36 AM
To: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA; security-basics () securityfocus com
Subject: RE: How to find a changing IP on ethernet network

Following up on this.. I want to know if at the network level any software can bind the MAC addresses to the ports (and take current MAC addresses in the network automatically) so that no new IP address can be allocated without the consent of the network admin. This will also ensure security so that no one just plugs in a PC or laptop..

Any idea..

-----Original Message-----
From: Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA [mailto:lists () infostruct net]
Sent: Saturday, February 21, 2004 20:12
To: security-basics () securityfocus com
Subject: Re: How to find a changing IP on ethernet network

Ivan,

This is an interesting situation. Here are a few possible ways to address it:

1. Send an e-mail to the user community explaining the problem and asking them to leave their IP address configurations alone.

2. In case you don't know, as the new system boots it announces its IP address to the network. If another system already has that IP address, it will reply and the new system will shut down the interface running the duplicate IP.

   a. From the new system, run the arp command (arp -a).

      C:\> arp -a

      Interface: 192.168.2.100 --- 0x20002
        Internet Address      Physical Address      Type
        192.168.2.1           00-06-25-c0-93-65     dynamic

      This will list the IP address and associated MAC (hardware) address (e.g. 00-06-25-c0-93-65).

   b. Now all you need to do is find out which system has that MAC address:

      C:\> ipconfig /all
      (output abbreviated)
      Physical Address. . . . . . . . . : 00-06-25-c0-93-65

3. You could also use tcpdump or windump (http://windump.polito.it) to sniff the network traffic for that specific IP and view the resulting dump file with Ethereal (http://www.ethereal.com). This is a bit advanced for the average user.

If you have any additional questions, please do not hesitate to contact me.

Kind regards,
Gideon

Gideon T. Rasmussen
CISSP, CISM, CFSO, SCSA
Boca Raton, FL
gideon () infostruct net

National Security Awareness Day - September 10, 2004 - Are you aware?

Subject: How to find a changing IP on ethernet network
From: Ivan Andres Hernandez Puga <ivan.hernandez () globalsis com ar>
Date: Fri, 20 Feb 2004 11:54:29 -0300
To: security-basics () securityfocus com

Hello.

I have a client with a simple Ethernet network with hubs connecting, and there is one person that is changing its IP and creating conflicts. What would you do to track down that person? I mean, to find who does that?

Thanks!
Ivan Hernandez

************************************************************
Please note that our domain name has been changed to: adnoc-dist.ae; Hence please change the email ID to reflect the new domain name.
This communication may contain confidential information. If you are not the intended recipient, then please inform us immediately.
Adnoc Distribution-Tel:02-6771300 Fax:02-6722322
Email:webmaster () adnoc-dist ae Website: www.adnoc-dist.ae
This message was scanned @ Adnoc distribution
************************************************************
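
Added example (not part of the original messages): one way to apply the ARP-based check discussed in this thread is to compare successive `arp -a` snapshots against the MAC/IP inventory from steps 1 and 2 of the first message. The inventory, owner names and snapshot contents below are constructed for illustration; as noted above, this does not detect a spoofed MAC.

```python
import re
from collections import defaultdict

# Constructed inventory (MAC -> owner, assigned static IP), as gathered in steps 1-2 above.
REGISTERED = {
    "00-06-25-c0-93-65": ("gateway", "192.168.2.1"),
    "00-0c-29-aa-bb-01": ("alice-pc", "192.168.2.10"),
    "00-0c-29-aa-bb-02": ("bob-pc", "192.168.2.11"),
}

# Constructed `arp -a` snapshots from a Windows host, taken at two different times.
SNAPSHOTS = [
    """Interface: 192.168.2.100 --- 0x20002
  Internet Address      Physical Address      Type
  192.168.2.1           00-06-25-c0-93-65     dynamic
  192.168.2.10          00-0c-29-aa-bb-01     dynamic
  192.168.2.11          00-0c-29-aa-bb-02     dynamic
""",
    """Interface: 192.168.2.100 --- 0x20002
  Internet Address      Physical Address      Type
  192.168.2.1           00-06-25-c0-93-65     dynamic
  192.168.2.10          00-0C-29-AA-BB-02     dynamic
  192.168.2.50          00-10-5a-de-ad-01     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
""",
]

ROW = re.compile(r"\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+dynamic\s*$", re.I)

def parse_arp(text):
    """Return (ip, mac) for each dynamic entry; Interface/header/static rows do not match."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2).lower()) for m in rows if m]

def audit(snapshots, registered):
    """Report unknown MACs, registered MACs on the wrong IP, and IPs claimed by several MACs."""
    findings, claims = set(), defaultdict(set)
    for snap in snapshots:
        for ip, mac in parse_arp(snap):
            claims[ip].add(mac)
            owner, assigned = registered.get(mac, ("unknown", None))
            if assigned is None:
                findings.add(("unregistered-mac", ip, mac, owner))
            elif assigned != ip:
                findings.add(("wrong-ip", ip, mac, owner))
    for ip, macs in claims.items():
        if len(macs) > 1:
            findings.add(("ip-conflict", ip, ",".join(sorted(macs)), ""))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SNAPSHOTS, REGISTERED):
        print(finding)
```

Snapshots need to be collected over time from a host on the same segment, since ARP entries age out and only show hosts that machine has recently talked to.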
Current thread:
- Re: How to find a changing IP on ethernet network, (continued)
- Re: How to find a changing IP on ethernet network Cesar Osorio (Feb 24)
- Re: How to find a changing IP on ethernet network H Carvey (Feb 24)
- RE: How to find a changing IP on ethernet network Bénoni MARTIN (Feb 24)
- Re: How to find a changing IP on ethernet network Ivan Andres Hernandez Puga (Feb 24)
- Re: How to find a changing IP on ethernet network Cesar Osorio (Feb 24)
- RE: How to find a changing IP on ethernet network Mike (Feb 24)
- Re: How to find a changing IP on ethernet network Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA (Feb 25)
- RE: How to find a changing IP on ethernet network Bruyere, Michel (Feb 25)
- RE: How to find a changing IP on ethernet network Bhavani Suresh (Feb 25)
- Re: How to find a changing IP on ethernet network Gideon T. Rasmussen, CISSP, CISM, CFSO, SCSA (Feb 26)
- RE: How to find a changing IP on ethernet network patrick (Feb 26)
- RE: How to find a changing IP on ethernet network David Brown (Feb 25)
- Re: How to find a changing IP on ethernet network hassan hani (Feb 25)
- Re: How to find a changing IP on ethernet network Wim Peeters (Feb 25)
- RE: How to find a changing IP on ethernet network Josh Mills (Feb 25)
- RE: How to find a changing IP on ethernet network Mike (Feb 26)
- RE: How to find a changing IP on ethernet network David Brown (Feb 26)