Home page logo

basics logo Security Basics mailing list archives

Re: Identifying a computer
From: Jimi Thompson <jimit () myrealbox com>
Date: Sat, 06 Dec 2003 14:28:50 -0600

You could try the old standby of turning off their port and waiting to see who complains about suddnely not being able to get email/surf/etc. In situations where things are labled sufficiently, I have found this tactic to be highly effective, if a bit lo-tech.



McGill, Lachlan wrote:

You should be able to determine their mac address from your local arp table and then check this mac address against the 
switch's arp table to see what switch port it is connected to. From this information, you should then be able to trace 
that port and cable connection to what data point they are connected to on the floor.

I hope your network is not too large to achieve this easily. :-)

-----Original Message-----
From: Cheetah [mailto:cheetahx () online no]
Sent: Thursday, 4 December 2003 2:38 AM
To: security-basics () securityfocus com
Subject: Identifying a computer


I am helping the sysadmin on my local LAN to manage the network, etc.
We have limited internet-bandwidth, and therefore it is necessary to make
sure no-one
is taking to much of the bandwidth, as others will not be able to use the
internet connection.

For the last 2 days, a new IP has appeared, and it is constantly using a lot
of bandwidth.
We have a linux-server running DHCP, DNS and the internet-connection. I have
checked the
dhcpd.leases file, but the IP isn't there. I have also tried to ping and
scan this IP, but the computer
is running a strong firewall, shows no open ports and doesn't even respond
to pings.

Is there any way I can get some information out of this computer without
running around
and asking everyone what their IP is?





  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]