Educause Security Discussion mailing list archives

Re: IP address conflicts / locating

From: David Gillett <gillettdavid () FHDA EDU>
Date: Thu, 15 Dec 2005 17:07:15 -0800

  It's going to depend largely on the equipment you use.  We're
able to do this with most of our current gear (although it's terribly
SLOW) because the switches also do layer 3 routing; on the old
layer 2 only Cisco switches I used to work with, clients could
only be located by MAC address and not IP.  (Searching by MAC
address is slower than by IP address with the new gear, but more
reliable for unknown reasons.)
  Matching switch port numbers to jack locations depends on you
documenting how the switches are wired to the patch panels.

  A technique I've found useful, especially when rogue devices just
hop to another jack, is to create a "black hole" VLAN and assign the
rogue's MAC address to that VLAN.  Somehow, jacks that work for others
stop working when they plug in....  Eventually, they either call for
support or conclude that their NIC is broken.

David Gillett

-----Original Message-----
From: Kevin Shalla [mailto:kshalla () UIC EDU]
Sent: Thursday, December 15, 2005 3:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IP address conflicts / locating

At our school, all our IPs are public and statically
assigned.  Because we're a large school, and IP management is
decentralized, we often have IP address conflicts.  Our
resolution procedure is to call the network group which
filters that IP address.  Then we wait until the perpetrator
calls the network group to say that the network isn't
working.  Then the perpetrator is told to use a different
address, and the original computer can have that IP address
back.  This can work when people are merely making mistakes,
however we're noticing rogue servers being installed, and
when they get filtered, they simply move on to another address.

I've asked if we can get a tool which will take as input the
IP address, and give the switch port where this IP is active,
identify where this switch is, and further identify to which
building and room that port connects.  Do other schools have
this ability, or am I asking for too much?

Current thread:

IP address conflicts / locating Kevin Shalla (Dec 15)
- <Possible follow-ups>
- Re: IP address conflicts / locating Brian K. Doré (Dec 15)
- Re: IP address conflicts / locating David Gillett (Dec 15)
- Re: IP address conflicts / locating Al Sparks (Dec 15)
- Re: IP address conflicts / locating Flagg, Martin D. (Dec 16)
- Re: IP address conflicts / locating Randy Grimshaw (Dec 16)
- Re: IP address conflicts / locating Michael Grinnell (Dec 16)
- Re: IP address conflicts / locating Christopher Misra (Dec 16)
- Re: IP address conflicts / locating William G. Thompson, Jr. (Dec 16)
- Re: IP address conflicts / locating Jason Richardson (Dec 18)
- Re: IP address conflicts / locating Graham Toal (Dec 19)
- Re: IP address conflicts / locating Donald J Westlight (Dec 19)
- Re: IP address conflicts / locating Tristan RHODES (Dec 28)

(Thread continues...)