Security Basics mailing list archives
RE: Identifying a computer
From: "JAVIER OTERO" <jotero () SMARTEKH com>
Date: Thu, 4 Dec 2003 09:44:19 -0600
Try www.lightspeedsystems.com/ they have a demo for 10 days, the information presented is GOOD.

Ing. Fco. Javier Otero De Alba
Diploma in Information Security, ITESM CEM
Grupo Smartekh
Antivirus Expertos Business Continuity Inftegrity
5243-4782 to 84 Ext. 300
México, D.F.

-----Original Message-----
From: Bryan Allen [mailto:bda () mirrorshades net]
Sent: Wednesday, December 03, 2003 03:25 p.m.
To: security-basics () securityfocus com
Subject: Re: Identifying a computer

On Dec 3, 2003, at 10:38 AM, Cheetah wrote:
Is there any way I can get some information out of this computer without running around and asking everyone what their IP is?
Block the IP address at the border (at your Linux gateway/firewall). Whoever comes and complains is your culprit.

Also, set up firewalling to only allow hosts which have an entry in dhcpd.leases (don't allow unknown statics) so it can't happen again and people have to play by your rules (though really you should design your network so things like this can't happen, either with physical/logical subnets or VLANs).

Depending on how your network is designed, you can usually figure out which segment the host is sitting on and work from there. It's certainly much easier if your switches are managed, but it's not too hard to do even if they're dumb. If your switches are dumb, you'll have to actually go and check machines' ARP tables to find out on what segment the host is living.

If your network only has one dimension, well, the easiest thing to do is block their MAC address at the border (using the iptables MAC filtering module). That way, even if they switch over to using DHCP, they still have to come talk to someone in IT, so you can explain to them the finer points of being a polite network citizen.

Eventually you'll want to consider generating a MAC address to owner relationship chart, so when some host starts acting like a punkass, you can go beat up the appropriate party.

Look into implementing QoS. It's relatively simple and there are plenty of HOWTOs. Google is your friend.

--
bda
Cyberpunk is dead. Long live cyberpunk.
http://mirrorshades.org
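The dhcpd.leases check and MAC block suggested in the reply above, as an added example that is not part of the original post: it compares the gateway's ARP table with active DHCP leases and lists hosts using an address they were not leased. It assumes the ISC dhcpd.leases format, the /proc/net/arp layout and the FORWARD chain; the function names and sample data are constructed for illustration.

```python
import re
# Constructed sample of an ISC dhcpd.leases file (not real data).
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.51 {
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
}
"""
# Constructed sample in /proc/net/arp layout, as read on the Linux gateway.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.50     0x1         0x2         00:11:22:33:44:55     *        eth1
192.168.1.51     0x1         0x2         00:11:22:33:44:66     *        eth1
192.168.1.77     0x1         0x2         00:AA:BB:CC:DD:EE     *        eth1
192.168.1.90     0x1         0x0         00:00:00:00:00:00     *        eth1
"""
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
MAC_RE = re.compile(r"hardware ethernet\s+([0-9A-Fa-f:]{17});")

def active_leases(text):
    """Map IP -> MAC for leases whose latest entry is 'binding state active'."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        mac = MAC_RE.search(body)
        if mac and re.search(r"^\s*binding state active;", body, re.M):
            leases[ip] = mac.group(1).lower()
        else:
            leases.pop(ip, None)  # a later entry supersedes earlier ones
    return leases

def unknown_hosts(arp_text, leases):
    """Return (ip, mac) pairs seen in ARP that do not match an active lease."""
    found = []
    for line in arp_text.splitlines()[1:]:
        cols = line.split()
        if len(cols) < 6 or cols[2] == "0x0":  # skip incomplete ARP entries
            continue
        ip, mac = cols[0], cols[3].lower()
        if leases.get(ip) != mac:
            found.append((ip, mac))
    return found

def drop_rules(hosts):
    """iptables mac-module rules that block each unknown MAC at the gateway."""
    return [f"iptables -I FORWARD -m mac --mac-source {mac} -j DROP" for _, mac in hosts]
```

The same (ip, mac) pairs are a starting point for the MAC-to-owner chart: record who turns up for each blocked address.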