Firewall Wizards mailing list archives

Re: How to find hidden host within LAN


From: "Avishai Wool" <yash () acm org>
Date: Sun, 25 Nov 2007 22:12:04 +0200

Hi

The problem is that I'm not able to
identify this host within my LAN:
I can see his IP address (192.168.x.y) and I can find his MAC address
through ARP, but I can't ping it and

if you ping do you get something like "host unknown" (means ethernet
can't find the MAC) or just no answer (he may have a firewall
dropping icmp)?

there is no host within my LAN with this MAC address.

that you know of...
FYI, changing MAC addresses is pretty easy, and if the host is a VM
then the internal MAC is totally emulated and software based...

I can't
traceroute it.
Can someone help me to find this hidden host?

I assume you don't have a fancy switch that lets you trace ethernet ports...

if he keeps transmitting, you can try the old "binary search": it's
disruptive but will work: disconnect half your net and check which "side"
he's on. Repeat recursively ...

if your switch is not very dumb, and does not blindly forward every packet
on every port, you may be able to use a sniffer (ethereal) on different sides
of the switch to see where he's coming from(?)

Have fun,
  Avishai

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



-- 
Avishai Wool, Ph.D.,  Co-founder and Chief Technical Officer
               http://www.algosec.com
******* Firewall Management Made Smarter ******
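
Relating to the point above about software-assigned and VM MAC addresses, an added example (not part of the original message): it parses `arp -an`-style output, drops MACs already in an asset inventory, and flags whether each remaining MAC carries a hypervisor OUI or the locally-administered bit. The OUI table is a small assumed subset, and the sample ARP output and inventory are constructed.

```python
import re

# Assumption: a small, non-exhaustive subset of hypervisor OUI prefixes.
HYPERVISOR_OUIS = {
    "00:0c:29": "VMware", "00:50:56": "VMware", "08:00:27": "VirtualBox",
    "00:15:5d": "Hyper-V", "00:16:3e": "Xen", "52:54:00": "QEMU/KVM",
}

# Matches resolved entries as printed by `arp -an`; "<incomplete>" never matches.
ARP_LINE = re.compile(r"\((?P<ip>[\d.]+)\) at (?P<mac>[0-9a-fA-F:]{11,17})")

# Constructed sample output and inventory, for illustration only.
SAMPLE_ARP = """\
? (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.77) at 52:54:00:12:34:56 [ether] on eth0
? (192.168.1.80) at 0a:1b:2c:3d:4e:5f [ether] on eth0
? (192.168.1.90) at <incomplete> on eth0
"""
SAMPLE_INVENTORY = ["00:11:22:33:44:55"]

def normalize_mac(mac):
    """Lowercase and zero-pad each octet (BSD prints 0:c:29:...)."""
    return ":".join(f"{int(octet, 16):02x}" for octet in mac.split(":"))

def parse_arp(text):
    """Return {ip: mac} for every resolved ARP entry in the text."""
    return {m["ip"]: normalize_mac(m["mac"]) for m in ARP_LINE.finditer(text)}

def classify_mac(mac):
    """Hint at where a MAC came from; a spoofed MAC can imitate any class."""
    vendor = HYPERVISOR_OUIS.get(mac[:8])
    if vendor:
        return f"hypervisor OUI ({vendor})"
    if int(mac[:2], 16) & 0x02:  # locally-administered bit of the first octet
        return "locally administered (software-assigned)"
    return "vendor-assigned OUI"

def unknown_hosts(arp_text, inventory):
    """Return {ip: (mac, classification)} for MACs missing from the inventory."""
    known = {normalize_mac(m) for m in inventory}
    return {ip: (mac, classify_mac(mac))
            for ip, mac in parse_arp(arp_text).items() if mac not in known}

if __name__ == "__main__":
    for ip, (mac, kind) in unknown_hosts(SAMPLE_ARP, SAMPLE_INVENTORY).items():
        print(f"{ip}  {mac}  {kind}")
```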