Security Basics mailing list archives

Re: How to find a changing IP on ethernet network


From: H Carvey <keydet89 () yahoo com>
Date: 21 Feb 2004 12:31:49 -0000

In-Reply-To: <40361FA5.7070005 () globalsis com ar>

Ivan,

Hello. I have a client with a simple Ethernet network with hubs 
connecting and there is one person that is changing its IP and creating 
conflicts. What would you do to track down that person? I mean, to find 
who does that?

Well, it depends on what platforms you're dealing with.  There are a couple of ways to go about this, if the systems 
are Windows NT/2K/XP:

1.  Record all of the MAC addresses of the systems and their IPs.  Then when you get a conflict issue, you will have a 
table to compare the information against.

2.  Enable File and Object Access Auditing, and enable auditing of the appropriate Registry key(s).  Since the person 
doing this probably has Admin privs, you'll have to hope that they don't notice this.  When the IP address is changed, 
you'll get entries in the EventLog.

3.  Develop a Perl script that either scans systems regularly, or only when you run it.  The script can retrieve the IP 
address of each system remotely, as well as the name of the system (NetBIOS name) and the logged on user.

Hope that helps.
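
The comparison in option 1, as an added example that is not part of the original post: it parses Windows `arp -a` output and checks each IP/MAC pair against a recorded baseline table. Python is used here rather than the Perl mentioned in option 3; the inventory, host names and ARP output are constructed sample data.

```python
import re

# Constructed baseline inventory: MAC -> (assigned IP, host name). Not real data.
BASELINE = {
    "00-0c-29-1a-2b-3c": ("192.168.1.10", "alice-pc"),
    "00-0c-29-4d-5e-6f": ("192.168.1.11", "bob-pc"),
    "00-0c-29-77-88-99": ("192.168.1.12", "carol-pc"),
}

# Constructed sample of `arp -a` output captured after a conflict was reported.
ARP_SAMPLE = """\
Interface: 192.168.1.2 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.10          00-0c-29-1a-2b-3c     dynamic
  192.168.1.12          00-0C-29-4D-5E-6F     dynamic
  192.168.1.50          00-50-56-aa-bb-cc     dynamic
"""

ARP_LINE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+\w+"
)

def parse_arp(text):
    """Return (ip, mac) pairs from arp -a style output, MACs normalized."""
    pairs = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2).lower().replace(":", "-")))
    return pairs

def find_mismatches(baseline, observed):
    """Flag known MACs seen on an IP they were not recorded with, and unknown MACs."""
    ip_owner = {ip: host for ip, host in baseline.values()}
    findings = []
    for ip, mac in observed:
        if mac not in baseline:
            findings.append({"kind": "unknown_mac", "mac": mac, "ip": ip})
            continue
        assigned_ip, host = baseline[mac]
        if ip != assigned_ip:
            findings.append({"kind": "moved", "mac": mac, "host": host,
                             "assigned_ip": assigned_ip, "ip": ip,
                             "ip_assigned_to": ip_owner.get(ip)})
    return findings

if __name__ == "__main__":
    for finding in find_mismatches(BASELINE, parse_arp(ARP_SAMPLE)):
        print(finding)
```

An ARP cache only holds entries for hosts the collecting machine has recently talked to, so take the snapshot while the conflict is occurring.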
