Security Basics mailing list archives

Re: Identifying a computer
From: "Andy Cuff [Talisker]" <talisker () securitywizardry com>
Date: Thu, 4 Dec 2003 07:59:49 -0000

I've seen you've had loads of replies with suggestions of identifying the
rogue host. What you can also do is introduce a packet shaping device to
limit his bandwidth usage.  This is also possible on Cisco routers through a
QoS feature, the name of which I can't remember. Some network IPS and
firewalls can prevent certain traffic at certain times of the day, which is a
useful feature.
A protocol analyser will identify what he's doing and what ports are
heavily utilised.

If you don't want to use a protocol analyser such as Ethereal, try a
graphical tool like EtherApe, which will show you all connections and, more
importantly, adjust the pipe size according to the quantity of traffic and
color according to the port.  It's not very refined but it's FREE and I love
it!
You'll be surprised about who is talking to who; fire up MSN Messenger and
watch those pretty patterns going everywhere.


Talisker Security Tools Directory
----- Original Message ----- 
From: "Cheetah" <cheetahx () online no>
To: <security-basics () securityfocus com>
Sent: Wednesday, December 03, 2003 3:38 PM
Subject: Identifying a computer


I am helping the sysadmin on my local LAN to manage the network, etc.
We have limited internet bandwidth, and therefore it is necessary to make
sure no-one is taking too much of the bandwidth, as others will not be able
to use the internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using a
lot of bandwidth.
We have a Linux server running DHCP, DNS and the internet connection. I
checked the dhcpd.leases file, but the IP isn't there. I have also tried to
ping and scan this IP, but the computer is running a strong firewall, shows
no open ports and doesn't even respond to pings.

Is there any way I can get some information out of this computer without
running around and asking everyone what their IP is?
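
Added example, not part of either message: a passive way to combine the two ideas in this thread, reading a capture for LAN hosts whose IP is missing from dhcpd.leases and reporting their Ethernet address, byte total and busiest destination ports. The lease entries and capture lines are constructed samples (the capture lines are written in the style of `tcpdump -e -n -q` output), and the function names and the 192.168.1. prefix are assumptions.

```python
import re
from collections import Counter

# Constructed sample of an ISC dhcpd.leases file (addresses and MACs are made up).
LEASES = """\
lease 192.168.1.10 {
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.11 {
  hardware ethernet 00:11:22:33:44:66;
}
"""

# Constructed capture lines in the style of `tcpdump -e -n -q` (link-level header shown).
CAPTURE = """\
07:59:01.000001 00:11:22:33:44:55 > 00:aa:bb:cc:dd:01, IPv4, length 74: 192.168.1.10.40112 > 198.51.100.7.80: tcp 0
07:59:01.000420 02:de:ad:be:ef:01 > 00:aa:bb:cc:dd:01, IPv4, length 1514: 192.168.1.77.3345 > 203.0.113.5.6881: tcp 1448
07:59:01.000910 02:de:ad:be:ef:01 > 00:aa:bb:cc:dd:01, IPv4, length 1514: 192.168.1.77.3345 > 203.0.113.5.6881: tcp 1448
07:59:01.001300 02:de:ad:be:ef:01 > 00:aa:bb:cc:dd:01, IPv4, length 600: 192.168.1.77.3350 > 198.51.100.7.80: tcp 534
07:59:01.001800 00:aa:bb:cc:dd:01 > 02:de:ad:be:ef:01, IPv4, length 66: 203.0.113.5.6881 > 192.168.1.77.3345: tcp 0
"""

LINE = re.compile(
    r"^\S+ (?P<mac>[0-9a-f:]{17}) > [0-9a-f:]{17}, IPv4, length (?P<len>\d+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.(?P<dport>\d+):")

def leased_ips(text):
    """Return every IP address that has a lease block in dhcpd.leases."""
    return set(re.findall(r"^lease (\S+) \{", text, re.M))

def unleased_talkers(capture, leases, lan_prefix="192.168.1."):
    """Map each LAN source IP without a lease to its MACs, bytes and ports."""
    known = leased_ips(leases)
    report = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m or not m["src"].startswith(lan_prefix) or m["src"] in known:
            continue  # unparsed line, inbound traffic, or a host DHCP knows about
        entry = report.setdefault(
            m["src"], {"macs": set(), "bytes": 0, "ports": Counter()})
        entry["macs"].add(m["mac"])                       # source Ethernet address
        entry["bytes"] += int(m["len"])                   # frame length on the wire
        entry["ports"][int(m["dport"])] += int(m["len"])  # bytes per destination port
    return report

if __name__ == "__main__":
    for ip, e in unleased_talkers(CAPTURE, LEASES).items():
        print(ip, sorted(e["macs"]), e["bytes"], e["ports"].most_common(3))
```

The capture has to be taken on the same Ethernet segment as the host (for example on the Linux server that carries the internet connection) for the source MAC to be the host's own.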



