Re: [PEN-TEST] MAC -> IP ?

[Dom De Vitto <dom () DEVITTO COM>]

Or an unconfigured (or misconfigured) interface.
Windozs PeeCees tend to pump out NetBUI broadcasts all over the shop,
even when the interface isn't configured!

I've also seen some cheap printers not respond to ping, or anything
other than a telnet to the LPR port...

Again, I'd look up the MAC and see who made the device, then start
tracing cables.

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  Dom De Vitto                              Secure Technologies Ltd. 
  mailto:dom () devitto com                       Mob. +44 7971 589 201  
  http://www.devitto.com                       Fax. +44 8700 548 750  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 

 | -----Original Message-----
 | From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
 | Of Andrew Lawton
 | Sent: 19 March 2001 12:42
 | To: PEN-TEST () SECURITYFOCUS COM
 | Subject: Re: [PEN-TEST] MAC -> IP ?
 | 
 | 
 | Keep in mind that it might be "non-TCP" traffic like IPX. You 
 | might simply
 | have a incorrectly configured system or an old Novell server 
 | sitting around.
 | 
 | `drew
 | 
 | -----Original Message-----
 | From: Kerle, Jens [mailto:jkerle () GMX DE]
 | Sent: Saturday, March 17, 2001 5:58 PM
 | To: PEN-TEST () SECURITYFOCUS COM
 | Subject: [PEN-TEST] MAC -> IP ?
 | 
 | 
 | Hi,
 | 
 | i am watching our net for changes in IP and MAC (which we don't 
 | allow). On
 | out Switch i can find a MAC, with no known IP. I already tried 
 | to ping the
 | whole IP range and looked in the arp table of my computer, but can't find
 | the MAC there. If i flush the switch arp table, the MAC comes back after
 | some seconds, so the 'evil' computer seems to be active.
 | 
 | 1. is there a better way to get the IP if i have the MAC ?
 | 
 | 2. how is it possible to hide your arp requests/response ?
 | 
 | thanks, Jens