Security Basics mailing list archives
Re: rogue IP address
From: Dave <david.morris () curvalue nl>
Date: Fri, 2 May 2003 09:48:54 +0200
Hi, I do not know your switch, or your network layout, but generic method which works in most cases is to set up a fast/"large data size" ping to said IP address. Look for the fastest blinking light. I know it is not scientific, and probably offends some people but it does work. (For up to a few hundred ports). - Assumes flat network. - Better to do it at a 'quiet' time, the effect is more noticeable - Assumes that you are aware of your important ports (servers/routers etc.) which normally have high load anyway. - Do NOT do it if network performance is critical, you can overload the best of switches with ICMP. - Maybe there are a few ports which look like possibilities, but at least you have narrowed them down. /Dave On Thursday 01 May 2003 00:40, dondon () pacbell net wrote:
Someone on our network assigned an IP address to their own system without my knowledge. Using LANguard network scanner, the best I can tell is that it's a Linux box. The port-to-IP mapping table on our Asante switch doesn't see to work correctly. Any suggestions on tracing down that system that is associated with the IP is appreciated! Andy --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics --------------------------------------------------------------------------- -
--------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
Current thread:
- rogue IP address dondon (May 01)
- Re: rogue IP address Dave (May 02)
- Re: rogue IP address Duston Sickler (May 02)
- Re: rogue IP address Jeff Harris (May 05)
- Re: rogue IP address Jason Burroughs (May 07)
- Re: rogue IP address Duston Sickler (May 02)
- Re: rogue IP address Richard Caley (May 02)
- RE: rogue IP address Burton M. Strauss III (May 02)
- RE: rogue IP address Jose Guevarra (May 02)
- Re: rogue IP address Dave (May 02)
- RE: rogue IP address David Gillett (May 02)
- RE: rogue IP address Anthony (May 05)
- <Possible follow-ups>
- RE: rogue IP address Wilcox, Stephen (May 02)
(Thread continues...)
- Re: rogue IP address Dave (May 02)