Security Basics mailing list archives
Re: Identifying Intrusions?
From: "Lord Bane" <lordl3ane () gmail com>
Date: Tue, 24 Apr 2007 12:59:37 -1000
Donald,

The easiest method to track down a system that is masquerading its source information (MAC/IP/etc.) is to have managed infrastructure. Peel your infrastructure like an onion, searching for the source port of the traffic.

On the other hand, if you don't have managed switches, you may be forced into segregating your network into smaller and smaller components. Analyze both segments to determine on which side the traffic is still visible (using a sniffer), and then separate it again, and so on, until you find the switch that has the traffic. Then it's just finding which host on that switch is the culprit.

Cheers!
Eric
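The managed-switch approach described in the message above, as an added example that is not part of the original post: follow the observed source MAC through each switch's MAC address table until it lands on a port with no downstream switch. The switch names, ports, MAC addresses and the `trace_mac` helper are all hypothetical, and the tables are constructed sample data rather than output from any real device.

```python
# Constructed sample data: per-switch MAC address tables (MAC -> learned port).
# Switch names, ports and MAC addresses are hypothetical.
MAC_TABLES = {
    "core1": {"00:11:22:33:44:55": "Gi0/1", "00:aa:bb:cc:dd:01": "Gi0/2"},
    "dist1": {"00:11:22:33:44:55": "Gi0/3", "00:aa:bb:cc:dd:02": "Gi0/4"},
    "acc3": {"00:11:22:33:44:55": "Fa0/17", "00:aa:bb:cc:dd:03": "Fa0/2"},
}

# Constructed topology: (switch, port) -> switch reached through that port.
# "dist2" has no entry in MAC_TABLES, standing in for an unmanaged switch.
LINKS = {
    ("core1", "Gi0/1"): "dist1",
    ("core1", "Gi0/2"): "dist2",
    ("dist1", "Gi0/3"): "acc3",
}


def trace_mac(mac, start, tables=MAC_TABLES, links=LINKS):
    """Follow `mac` from switch `start` toward the edge.

    Returns (path, status): path is a list of (switch, port) hops and
    status says why the walk stopped.
    """
    mac = mac.lower()
    path, switch, seen = [], start, set()
    while True:
        if switch in seen:
            return path, "loop"          # topology data is inconsistent
        seen.add(switch)
        table = tables.get(switch)
        if table is None:
            # No table available: split this segment and sniff each half.
            return path, "no-table"
        port = table.get(mac)
        if port is None:
            # Entry aged out, or the traffic is not on this branch.
            return path, "not-learned"
        path.append((switch, port))
        downstream = links.get((switch, port))
        if downstream is None:
            return path, "access-port"   # host is attached to this port
        switch = downstream


if __name__ == "__main__":
    print(trace_mac("00:11:22:33:44:55", "core1"))
```

A "no-table" result marks the point where the walk has to switch to the second method in the message: divide that segment and check each half with a sniffer.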