Educause Security Discussion mailing list archives
Re: IP address conflicts / locating
From: Jason Richardson <A00JER2 () WPO CSO NIU EDU>
Date: Sun, 18 Dec 2005 08:55:19 -0600
We currently use Lucent QIP to manage our IP address space and DNS name assignments. We're DHCP with reserved IP addresses for those machines that need them. This is our second go-around with QIP, which we used a few years ago and liked well enough, but could not afford anymore because of their pricing model (charging per IP address, including private IPs). After trying out an appliance solution that ended up being a disaster, we went back to QIP when Lucent finally got the picture and made the software affordable enough for a public edu. We finally finished migrating everything over to QIP last month and everyone seems happy enough. We also have a home-grown tool like the one that Chris describes below. Our network is mostly Cisco L3, but not close to all, so writing a tool that could talk to several different platforms has been difficult, but we've got some pretty good system programmers on our staff who were able to get it done. Our security staff literally uses it every day, often several times/day. My advice would be to look at something like QIP, or Netreg, and to go to DHCP ASAP.

Jason

---
Jason Richardson
Senior IT Security Analyst
Enterprise Systems Support
Northern Illinois University
cmisra () NIC UMASS EDU 12/16/05 10:27 AM >>>
I've asked if we can get a tool which will take as input the IP address, and give the switch port where this IP is active, identify where this switch is, and further identify to which building and room that port connects. Do other schools have this ability, or am I asking for too much?
We've had this capability in our toolset for quite a number of years. It runs under the hood of most of our incident identification, notification, and remediation toolsets. It is based on SNMP calls through a Perl script and is very site localized, but the logic is transportable. A few things that make it easier for us are homogeneity of edge switches, network registration (netreg), and a robust database that maps switch port to building, room, jack. The rough process is to query an ARP database for MAC-IP mappings dumped periodically from the router. The logic is to start at the router, query the 802.1d bridging MIB for the forwarding interface, query the forwarding interface for the next downstream switching device, and iterate until the end of the chain. In our case, since we have a consistent switch vendor, we are able to use a vendor-specific protocol to identify the next downstream switching device; however, this could probably be abstracted away. Using this, we are able to pass in an IP address and return switch, port, user, building, room, jack #, etc., in near real time. It takes on the order of 5-10 seconds to run but is very accurate.

-chris
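The walk Chris describes (ARP lookup, then hop by hop through each device's bridging MIB until a port with no switch behind it), written out as an added example that is not the thread's own tool. The device names, IP, MAC, and jack database are constructed sample data, and the SNMP queries are replaced by in-memory tables so the logic runs offline; the comments name the MIB objects a real implementation would query.

```python
"""Trace an IP address to its edge switch port, as in the thread's process.

Real implementation would fetch: router ARP (ipNetToMediaPhysAddress),
per-switch MAC -> bridge port (BRIDGE-MIB dot1dTpFdbPort, .1.3.6.1.2.1.17.4.3.1.2),
bridge port -> ifIndex (dot1dBasePortIfIndex, .1.3.6.1.2.1.17.1.4.1.2),
ifIndex -> name (ifName), and a CDP/LLDP neighbor cache for the next switch.
"""

# Constructed sample data standing in for SNMP results (hypothetical devices).
ARP_TABLE = {"10.1.5.23": "00:11:22:33:44:55"}  # router ARP dump: IP -> MAC
DEVICES = {
    # fdb: MAC -> port name; neighbors: port name -> downstream switch (CDP/LLDP)
    "core-rtr": {"fdb": {"00:11:22:33:44:55": "Gi1/3"}, "neighbors": {"Gi1/3": "dist-sw1"}},
    "dist-sw1": {"fdb": {"00:11:22:33:44:55": "Gi0/24"}, "neighbors": {"Gi0/24": "edge-sw7"}},
    "edge-sw7": {"fdb": {"00:11:22:33:44:55": "Fa0/12"}, "neighbors": {}},
}
# Constructed switch-port -> location database (the "robust database" in the thread).
JACK_DB = {("edge-sw7", "Fa0/12"): ("Science Bldg", "Rm 214", "Jack 214-A")}


def trace_ip(ip, start="core-rtr", max_hops=16):
    """Return the edge switch, port and location for ip, or raise LookupError."""
    mac = ARP_TABLE.get(ip)
    if mac is None:
        raise LookupError(f"{ip} not in ARP table (host idle, or ARP dump stale)")
    device, path = start, []
    for _ in range(max_hops):  # hop limit guards against a loop in neighbor data
        if device not in DEVICES:
            raise LookupError(f"{device} not reachable via SNMP")
        port = DEVICES[device]["fdb"].get(mac)
        if port is None:
            raise LookupError(f"{mac} not learned on {device} (FDB entry aged out)")
        path.append((device, port))
        nxt = DEVICES[device]["neighbors"].get(port)
        if nxt is None:  # no switch behind this port: end of the chain
            bldg, room, jack = JACK_DB.get((device, port), ("?", "?", "?"))
            return {"ip": ip, "mac": mac, "switch": device, "port": port,
                    "building": bldg, "room": room, "jack": jack, "path": path}
        device = nxt
    raise LookupError(f"hop limit {max_hops} exceeded tracing {ip} (loop?)")


if __name__ == "__main__":
    print(trace_ip("10.1.5.23"))
```

A port whose FDB holds many MACs is an uplink or a hub, so a production version should also flag that case rather than report it as a single user's jack.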