Security Basics mailing list archives

Re: Identifying a computer

From: "Andy Cuff [Talisker]" <talisker () securitywizardry com>
Date: Thu, 4 Dec 2003 07:59:49 -0000

Hi,
I've seen you've had loads of replies with suggestions of identifying the
rogue host, what you can also do is introduce a packet shaping device to
limit his bandwidth usage.  This is also possible on Cisco Routers through a
QOS feature, the name of which I can't remember. Some network IPS and
firewalls can prevent certain traffic at certain times of the day which is a
useful feature.
 A protocol analyser will identify what he's doing and what ports are
heavily utilised.

If you don't want to use a protocol analyser such as ethereal try a
graphical tool like Etherape which will show you all connections and more
importantly adjust the pipe size according to the quantity of traffic and
color according to the port.  It's not very refined but it's FREE and I love
it !
You'll be surprised about who is talking to who, fire up MSN Messenger and
watch those pretty patterns going everywhere

-andy

Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message ----- 
From: "Cheetah" <cheetahx () online no>
To: <security-basics () securityfocus com>
Sent: Wednesday, December 03, 2003 3:38 PM
Subject: Identifying a computer

Hello.

I am helping the sysadmin on my local LAN to manage the network, etc.
We have limited internet-bandwidth, and therefore it is necessary to make
sure no-one
is taking to much of the bandwidth, as others will not be able to use the
internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using a

lot

of bandwidth.
We have a linux-server running DHCP, DNS and the internet-connection. I

have

checked the
dhcpd.leases file, but the IP isn't there. I have also tried to ping and
scan this IP, but the computer
is running a strong firewall, shows no open ports and doesn't even respond
to pings.

Is there any way I can get some information out of this computer without
running around
and asking everyone what their IP is?

Tore



--------------------------------------------------------------------------

--------------------------------------------------------------------------

--



---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Re: Identifying a computer, (continued)
- - - Re: Identifying a computer Bryan Allen (Dec 03)
    - RE: Identifying a computer Optrics Engineering - Shaun Sturby, MCSE (Dec 03)
    - Re: Identifying a computer Ranjeet Shetye (Dec 03)
    - Re: Identifying a computer ~Kevin Davis³ (Dec 04)
    - Re: Identifying a computer Ranjeet Shetye (Dec 05)
    - RE: Identifying a computer David Gillett (Dec 03)
    - Re: Identifying a computer Tim Willard (Dec 03)
    - RE: Identifying a computer Jason Balicki (Dec 04)
    - Re: Identifying a computer Meritt James (Dec 05)
    - RE: Identifying a computer Duston Sickler (Dec 04)
    - Re: Identifying a computer Andy Cuff [Talisker] (Dec 04)
    - Re: Identifying a computer David Glosser (Dec 19)
    - Re: Identifying a computer Peter Wohlers (Dec 19)
- Re: Epithet SMiller (Dec 02)
  - Re: Epithet Jimi Thompson (Dec 08)
    - Re: Epithet Meritt James (Dec 08)
    - Re: Epithet Jimi Thompson (Dec 11)