Alfred Vahau wrote:
Thanks for the reply. This is the practice at present. We block off one IP and another pops up.
At times, quite a few of them appear. We suspect that some of these guys are disgruntled ex-employees
who have unauthorized access or are accessing the network with the help of other staff.
Aha, so you suspect malicious intent and not only accidental behaviour. In that case you shouldn't expect that some other internal information found on the problematic computers is valid either.
However, there is a possibility if you want to find the computer by IP, if you use manageable switches. As you know which IPs are improper, you can also find the corresponding MAC address passively from the router's ARP table (or actively by arping), and the switches will be able to tell you on which port this MAC is plugged. Then you can e.g. shutdown the port or follow the cable to the physical computer location.
alfred,
Yours sincerely Peter Surda _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
