Re: IP address conflicts / locating

["Flagg, Martin D." <FlaggMD () HIRAM EDU>]

CiscoWorks has this ability or you can do it tracking back the CAM
tables on the switches.  If it is a CCA Client we redirect them to a
page telling them that their port has been administratively shutdown and
please contact the helpdesk.  If the IP address is critical then we
track it down to the port and shutdown the port.  Once, before CCA, we
had a student enter the default gateway as their IP address, this had
interesting results. 


Martin D. Flagg
Network Engineer/Administrator
Hiram College


 


-----Original Message-----
From: Kevin Shalla [mailto:kshalla () UIC EDU] 
Sent: Thursday, December 15, 2005 6:55 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IP address conflicts / locating

At our school, all our IPs are public and statically assigned.  Because
we're a large school, and IP management is decentralized, we often have
IP address conflicts.  Our resolution procedure is to call the network
group which filters that IP address.  Then we wait until the perpetrator
calls the network group to say that the network isn't working.  Then the
perpetrator is told to use a different address, and the original
computer can have that IP address back.  This can work when people are
merely making mistakes, however we're noticing rogue servers being
installed, and when they get filtered, they simply move on to another
address.

I've asked if we can get a tool which will take as input the IP address,
and give the switch port where this IP is active, identify where this
switch is, and further identify to which building and room that port
connects.  Do other schools have this ability, or am I asking for too
much?