Security Basics mailing list archives
Re: rogue IP address
From: Dave <david.morris () curvalue nl>
Date: Fri, 2 May 2003 09:48:54 +0200
Hi,
I do not know your switch, or your network layout, but generic method
which works in most cases is to set up a fast/"large data size" ping to said
IP address.
Look for the fastest blinking light.
I know it is not scientific, and probably offends some people but it does
work. (For up to a few hundred ports).
- Assumes flat network.
- Better to do it at a 'quiet' time, the effect is more noticeable
- Assumes that you are aware of your important ports (servers/routers etc.)
which normally have high load anyway.
- Do NOT do it if network performance is critical, you can overload the best
of switches with ICMP.
- Maybe there are a few ports which look like possibilities, but at least you
have narrowed them down.
/Dave
On Thursday 01 May 2003 00:40, dondon () pacbell net wrote:
Someone on our network assigned an IP address to their own system without my knowledge. Using LANguard network scanner, the best I can tell is that it's a Linux box. The port-to-IP mapping table on our Asante switch doesn't see to work correctly. Any suggestions on tracing down that system that is associated with the IP is appreciated! Andy --------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics --------------------------------------------------------------------------- -
--------------------------------------------------------------------------- FastTrain has your solution for a great CISSP Boot Camp. The industry's most recognized corporate security certification track, provides a comprehensive prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case studies and true hands-on utilization of pertinent security tools. For a limited time you can enter for a chance to win one of the latest technological innovations, the SEGWAY HT. Log onto http://www.securityfocus.com/FastTrain-security-basics ----------------------------------------------------------------------------
Current thread:
- rogue IP address dondon (May 01)
- Re: rogue IP address Dave (May 02)
- Re: rogue IP address Duston Sickler (May 02)
- Re: rogue IP address Jeff Harris (May 05)
- Re: rogue IP address Jason Burroughs (May 07)
- Re: rogue IP address Duston Sickler (May 02)
- Re: rogue IP address Richard Caley (May 02)
- RE: rogue IP address Burton M. Strauss III (May 02)
- RE: rogue IP address Jose Guevarra (May 02)
- Re: rogue IP address Dave (May 02)
- RE: rogue IP address David Gillett (May 02)
- RE: rogue IP address Anthony (May 05)
- <Possible follow-ups>
- RE: rogue IP address Wilcox, Stephen (May 02)
(Thread continues...)
- Re: rogue IP address Dave (May 02)