[CLUE-Tech] Finding rogue IPs.
Keith Hellman
kehellman at yahoo.com
Thu Nov 21 14:46:49 MST 2002
On Thu, Nov 21, 2002 at 12:09:04PM -0700, David Anselmi wrote:
> Suppose you have a network in your two story office building with around
> 250 network drops (10/100BT hubs). Suppose one of your servers becomes
> unreachable and you find that arp gives you a different MAC address than
> you expect.
>
> Seems like someone has plugged in a machine and given it the same IP as
> your server, and somehow this rogue machine wins the arp battle. So
> your IP has been stolen.
>
> Anyone seen this before?
>
> How would you find the rogue machine to fix the problem?
>
My 0.02: disable the IP in your firewall - see who complains about
the networking being down...
Keith Hellman #include <disclaimer.h>
kehellman at yahoo.com from disclaimer import standard
"We are born wet, naked, and hungry. Then things get worse."
--Unknown
More information about the clue-tech
mailing list