Security Basics mailing list archives
Re: Identifying a computer
From: "Andy Cuff [Talisker]" <talisker () securitywizardry com>
Date: Thu, 4 Dec 2003 07:59:49 -0000
Hi,

I've seen you've had loads of replies with suggestions of identifying the rogue host, what you can also do is introduce a packet shaping device to limit his bandwidth usage. This is also possible on Cisco Routers through a QOS feature, the name of which I can't remember. Some network IPS and firewalls can prevent certain traffic at certain times of the day which is a useful feature.

A protocol analyser will identify what he's doing and what ports are heavily utilised. If you don't want to use a protocol analyser such as Ethereal try a graphical tool like Etherape which will show you all connections and more importantly adjust the pipe size according to the quantity of traffic and color according to the port. It's not very refined but it's FREE and I love it! You'll be surprised about who is talking to who, fire up MSN Messenger and watch those pretty patterns going everywhere.

-andy
Talisker Security Tools Directory
http://www.securitywizardry.com

----- Original Message -----
From: "Cheetah" <cheetahx () online no>
To: <security-basics () securityfocus com>
Sent: Wednesday, December 03, 2003 3:38 PM
Subject: Identifying a computer
Hello.

I am helping the sysadmin on my local LAN to manage the network, etc. We have limited internet-bandwidth, and therefore it is necessary to make sure no-one is taking too much of the bandwidth, as others will not be able to use the internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using a lot of bandwidth.

We have a linux-server running DHCP, DNS and the internet-connection. I have checked the dhcpd.leases file, but the IP isn't there. I have also tried to ping and scan this IP, but the computer is running a strong firewall, shows no open ports and doesn't even respond to pings.

Is there any way I can get some information out of this computer without running around and asking everyone what their IP is?

Tore
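
A sketch of the triage discussed in this thread, as an added example that is not part of either post: it sums bytes per LAN host and port from protocol-analyser output and marks hosts that have no entry in dhcpd.leases. The three-column flow format, the addresses and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in ISC dhcpd.leases syntax (addresses are made up).
LEASES = """\
lease 192.168.1.20 {
  starts 3 2003/12/03 08:00:00;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.21 {
  hardware ethernet 00:11:22:33:44:66;
}
"""

# Constructed flow summary, assumed format: source IP, destination port, bytes.
FLOWS = """\
192.168.1.20 80 120000
192.168.1.99 6346 48000000
192.168.1.21 443 300000
192.168.1.99 6346 52000000
192.168.1.99 80 1000000
192.168.1.20 25 40000
"""

def leased_ips(text):
    """Return every IP address that has a lease block in dhcpd.leases."""
    return set(re.findall(r"^lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{", text, re.M))

def usage_by_host(flows):
    """Sum bytes per source IP and destination port, skipping malformed lines."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in flows.splitlines():
        parts = line.split()
        if len(parts) != 3 or not (parts[1].isdigit() and parts[2].isdigit()):
            continue
        totals[parts[0]][int(parts[1])] += int(parts[2])
    return totals

def report(leases, flows, lan_prefix="192.168.1."):
    """Rows of (total bytes, ip, has_lease, busiest port), heaviest host first."""
    known = leased_ips(leases)
    rows = []
    for ip, ports in usage_by_host(flows).items():
        if ip.startswith(lan_prefix):
            busiest = max(ports, key=ports.get)
            rows.append((sum(ports.values()), ip, ip in known, busiest))
    return sorted(rows, reverse=True)

if __name__ == "__main__":
    for total, ip, has_lease, port in report(LEASES, FLOWS):
        note = "leased" if has_lease else "NO LEASE (static or rogue?)"
        print(f"{ip:15} {total:>12} bytes  busiest port {port:<5} {note}")
```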