[CLUE-Tech] Finding rogue IPs.
Warren Raquel
clue at sohonetworksetup.com
Thu Nov 21 12:17:37 MST 2002
I've seen it done before. The way I went about finding the culprit was to
review all my switches to see what port had logged that ARP.
At 12:09 PM 11/21/2002 -0700, you wrote:
>Suppose you have a network in your two story office building with around
>250 network drops (10/100BT hubs). Suppose one of your servers becomes
>unreachable and you find that arp gives you a different MAC address than
>you expect.
>
>Seems like someone has plugged in a machine and given it the same IP as
>your server, and somehow this rogue machine wins the arp battle. So your
>IP has been stolen.
>
>Anyone seen this before?
>
>How would you find the rogue machine to fix the problem?
>
>Dave
>
>_______________________________________________
>CLUE-Tech mailing list
>CLUE-Tech at clue.denver.co.us
>http://clue.denver.co.us/mailman/listinfo/clue-tech
More information about the clue-tech
mailing list