Security Incidents mailing list archives

Re: disinfection tool


From: Ryan Russell <ryan () securityfocus com>
Date: Mon, 6 Aug 2001 14:35:59 -0600 (MDT)

On Mon, 6 Aug 2001, Homer Wilson Smith wrote:

    How does one easily track down a mac address through a maze
of Cisco 1900 switches to find the port number that has the machine
on it, if you know the mac address?

show cam dynamic


    Doing it by hand is painful.

Indeed.  I've done it, and it is a pain.  I never got around to scripting
it, but a combination of show cam dynamic, show port (to determine
trunk/interswitch ports) and show cdp neighbor to figure out what the IP
is of that switch out that trunking port.

Or, since it's Windows that is infected, do a nbtstat -a x.y.z.a, and look
at the machine name and logged-in user (if any).

                                        Ryan



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

