RE: Identifying a computer

["Duston Sickler" <dustons () charter net>]

You may want to make sure that there is not a unsecured Wi-Fi access point
on the network.  You may have some one in the parking lot doing things with
your bandwidth. (and you Internet facing IP)  As far as how to gather
information on the suspect IP address I suggest a sniffer to see what it is
they are doing.  You may be able to determine what O.S. they are using
(among other things) my looking at the output.

Best of luck,

Duston Sickler
CompTIA A+ Certified

-----Original Message-----
From: Cheetah [mailto:cheetahx () online no] 
Sent: Wednesday, December 03, 2003 9:38 AM
To: security-basics () securityfocus com
Subject: Identifying a computer

Hello.

I am helping the sysadmin on my local LAN to manage the network, etc.
We have limited internet-bandwidth, and therefore it is necessary to make
sure no-one is taking to much of the bandwidth, as others will not be able
to use the internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using a lot
of bandwidth.
We have a linux-server running DHCP, DNS and the internet-connection. I have
checked the dhcpd.leases file, but the IP isn't there. I have also tried to
ping and scan this IP, but the computer is running a strong firewall, shows
no open ports and doesn't even respond to pings.

Is there any way I can get some information out of this computer without
running around and asking everyone what their IP is?

Tore



---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------