Educause Security Discussion mailing list archives
Re: IP address conflicts / locating
From: "Brian K. Doré" <bkd () LOUISIANA EDU>
Date: Thu, 15 Dec 2005 19:05:14 -0600
Your first challenge is to have a way to document your static address assignments, and you need to include the MAC address of the NIC along with the IP so you can be certain who really owns the address and who is stealing it. Layer 2 switches only care about MAC addresses so you need to identify the addresses involved in the conflict and determine which is the rogue then query your inventory database or your switch MAC tables to locate the offending machine. Generally the MAC address of the rogue is included in the error that appears. You can also get it by turning off the real owner, ping the rogue and then looking in your ARP cache. A lot of the less expensive unmanaged switches won't have a way to examine the MAC tables to do this so you need to ask your networking department what their capabilities are. A good database of your machine inventory including MAC addresses, who the machine belongs to and where it's physically located can be a great help. Another thing you might want to consider is a DHCP solution like Netreg. You really need to get a handle on something like this before someone interferes with the operation of a machine thats important. Brian Brian Dore Office of Information Systems University of Louisiana at Lafayette From: Kevin Shalla Sent: Thu 12/15/2005 5:54 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: IP address conflicts / locatingAt our school, all our IPs are public and statically assigned. Because we're a large school, and IP management is decentralized, we often have IP address conflicts. Our resolution procedure is to call the network group which filters that IP address. Then we wait until the perpetrator calls the network group to say that the network isn't working. Then the perpetrator is told to use a different address, and the original computer can have that IP address back. This can work when people are merely making mistakes, however we're noticing rogue servers being installed, and when they get filtered, they simply move on to another address.
I've asked if we can get a tool which will take as input the IP address, and give the switch port where this IP is active, identify where this switch is, and further identify to which building and room that port connects. Do other schools have this ability, or am I asking for too much?
Current thread:
- IP address conflicts / locating Kevin Shalla (Dec 15)
- <Possible follow-ups>
- Re: IP address conflicts / locating Brian K. Doré (Dec 15)
- Re: IP address conflicts / locating David Gillett (Dec 15)
- Re: IP address conflicts / locating Al Sparks (Dec 15)
- Re: IP address conflicts / locating Flagg, Martin D. (Dec 16)
- Re: IP address conflicts / locating Randy Grimshaw (Dec 16)
- Re: IP address conflicts / locating Michael Grinnell (Dec 16)
- Re: IP address conflicts / locating Christopher Misra (Dec 16)
- Re: IP address conflicts / locating William G. Thompson, Jr. (Dec 16)
- Re: IP address conflicts / locating Jason Richardson (Dec 18)
- Re: IP address conflicts / locating Graham Toal (Dec 19)
- Re: IP address conflicts / locating Donald J Westlight (Dec 19)
(Thread continues...)