Educause Security Discussion mailing list archives
Re: IP address conflicts / locating
From: David Gillett <gillettdavid () FHDA EDU>
Date: Thu, 15 Dec 2005 17:07:15 -0800
It's going to depend largely on the equipment you use. We're able to do this with most of our current gear (although it's terribly SLOW) because the switches also do layer 3 routing; on the old layer 2 only Cisco switches I used to work with, clients could only be located by MAC address and not IP. (Searching by MAC address is slower than by IP address with the new gear, but more reliable for unknown reasons.)

Matching switch port numbers to jack locations depends on you documenting how the switches are wired to the patch panels.

A technique I've found useful, especially when rogue devices just hop to another jack, is to create a "black hole" VLAN and assign the rogue's MAC address to that VLAN. Somehow, jacks that work for others stop working when they plug in.... Eventually, they either call for support or conclude that their NIC is broken.

David Gillett
-----Original Message-----
From: Kevin Shalla [mailto:kshalla () UIC EDU]
Sent: Thursday, December 15, 2005 3:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IP address conflicts / locating

At our school, all our IPs are public and statically assigned. Because we're a large school, and IP management is decentralized, we often have IP address conflicts. Our resolution procedure is to call the network group which filters that IP address. Then we wait until the perpetrator calls the network group to say that the network isn't working. Then the perpetrator is told to use a different address, and the original computer can have that IP address back.

This can work when people are merely making mistakes; however, we're noticing rogue servers being installed, and when they get filtered, they simply move on to another address. I've asked if we can get a tool which will take as input the IP address, and give the switch port where this IP is active, identify where this switch is, and further identify to which building and room that port connects. Do other schools have this ability, or am I asking for too much?
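The lookup chain discussed in this exchange (IP address to MAC address, MAC address to switch port, switch port to documented jack) is sketched below as an added example; it is not part of either message and not any vendor's tool. The switch name, addresses, table layouts and wiring record are constructed sample data, and all function names are hypothetical.

```python
import re
from collections import defaultdict
SWITCH = "sw-lib-1"  # hypothetical switch name
# Constructed data: ARP entries merged from successive polls of the layer 3 device
ARP = """\
Internet  192.0.2.10  4  0011.2233.4455  ARPA  Vlan20
Internet  192.0.2.10  0  00aa.bbcc.ddee  ARPA  Vlan20
Internet  192.0.2.11  9  0011.2233.4466  ARPA  Vlan20
Internet  192.0.2.12  2  0011.2233.4477  ARPA  Vlan20
"""
# Constructed MAC address table from the access switch: vlan, MAC, type, port
MACS = """\
20  0011.2233.4455  DYNAMIC  Gi1/0/12
20  00aa.bbcc.ddee  DYNAMIC  Gi1/0/31
20  0011.2233.4466  DYNAMIC  Gi1/0/40
"""
# Constructed wiring record: (switch, port) -> (building, room, jack)
WIRING = {(SWITCH, "Gi1/0/12"): ("Library", "204", "J-17"),
          (SWITCH, "Gi1/0/31"): ("Library", "310", "J-02")}

def norm_mac(mac):
    """Reduce dotted, colon or dash notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return {ip: set of MACs seen answering for it}."""
    seen = defaultdict(set)
    for f in map(str.split, text.splitlines()):
        if len(f) >= 4 and f[0] == "Internet":
            seen[f[1]].add(norm_mac(f[3]))
    return seen

def parse_mac_table(text):
    """Return {mac: port} from lines shaped 'vlan mac type port'."""
    rows = map(str.split, text.splitlines())
    return {norm_mac(f[1]): f[3] for f in rows if len(f) == 4 and f[0].isdigit()}

def locate(ip, arp=ARP, macs=MACS, wiring=WIRING):
    """Return [(mac, port, location)] for every MAC that claimed this IP."""
    ports = parse_mac_table(macs)
    hits = []
    for mac in sorted(parse_arp(arp).get(ip, ())):
        port = ports.get(mac)  # None: MAC not learned on this switch
        hits.append((mac, port, wiring.get((SWITCH, port))))  # None: no record
    return hits

def conflicts(arp=ARP):
    """IPs claimed by more than one MAC address."""
    return sorted(ip for ip, m in parse_arp(arp).items() if len(m) > 1)
```

A `None` location in the result marks a port with no entry in the wiring record, which is the documentation gap the reply points out; on a layer 2 only switch, only the MAC-to-port step applies.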