Home page logo

basics logo Security Basics mailing list archives

Re: rogue IP address
From: Richard Caley <rjc () caley org uk>
Date: 01 May 2003 18:30:05 +0100

In article <20030430224002.18480.qmail () www securityfocus com>, dondon  (d) writes:

d> Any suggestions on tracing down that system that is associated with the IP 
d> is appreciated!

Well, to be old fashoned, start a ping, then pull and replace plugs
until you spot the one which causes the ping to miss a beat. You
should be able to walk down a tree of hubs/switches like that in less
time than working out a smarter plan.

Great big signs at all staff toilets threatening mayhem to whoever it
is if they don't own up within the week.

If it's a fairly out-of-the-box linux instalation it may be running
sendmail, which may give you a way to contact the person responsible
if they read mail sent to root.

Perhaps you can block that IP at some firewall or router, then wait to
see who calls support to say their network connection has died.

If you can sniff packets, perhaps you can spot what they are doing, if
so that may give a clue who they are, or at least a clue as to
services they are using. From there you could, for instance, tell a
file server they are using to reject connections from that IP and
again wait for them to complain.

The fun story-to-tell-in-the-pub way would be to find out what sort of
linux it is, find a recent security report and crack the
machine. Probably not worth the effort, but nice to think about when
pulling plugs and planning the mayhem to apply when you find them.

Mail me as MYFIRSTNAME () MYLASTNAME org uk        _O_

FastTrain has your solution for a great CISSP Boot Camp. The industry's most 
recognized corporate security certification track, provides a comprehensive 
prospectus based upon the core principle concepts of security. This ALL INCLUSIVE curriculum utilizes lectures, case 
studies and true hands-on utilization 
of pertinent security tools. For a limited time you can enter for a chance 
to win one of the latest technological innovations, the SEGWAY HT. 
Log onto http://www.securityfocus.com/FastTrain-security-basics 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]