If you know the MAC you should be able to drill down and find which switch it is connected to. Hopefully whoever wired your building had enough brain cells to create a logical mapping of network ports around the building to a numbered patch panel port. Then just trace the cable, find out which network port its connected to, then go find and smash the workstation in question. If you don't have such a mapping, take the time/money now to get one in place, it will save you countless headaches in the future. (its a two person job and you need a pair of network testers and some easy way to communicate throughout your office while doing it -- we bought little cheap motorolla 2-way radio's but cell phones would work) btw: its easy to spoof a mac address so that "iptables -A INPUT -m mac --mac-source 00:01:00:33:00:01 -j DROP" will not stop it. (its not a weakness of iptables but a weakness of IP itself) I had a similiar situation where a hardware dev had brought in a wireless router so he could move his laptop around his work area w/o being bothered with cabling. Well of course the idiot had no clue on securing wireless so some users in the adjacent office were using his wide open wireless gateway to download/browse the web without being forced thru their local proxy server - which was monitoring web access (which at this point in the wireless game nothing is secure, encryption may protect your _traffic_ but not your network) When consumption of our DS3 starting skyrocketing, I knew something was amiss. -CC On Nov 25, 2007 7:27 AM, Madan Thapa <madan.feedback@xxxxxxxxx> wrote: > You can track them..or restrict them with expesive technologies.. like > intelligent switches etc. > > However.. if you want the easier way.. you can do the following..... > > Assuming all node are windows PCs .... goto each pc on your lan.. (assuming > it is wired ) > > C:\>ipconfig -all | findstr "Physical" > 1.txt > > It will list the Mac Address of the PC. > > The mac address in windows will look like .. > 00-01-00-33-00-01 > > > > You can block the host using too much traffic with iptables.. > > # iptables -A INPUT -m mac --mac-source 00:01:00:33:00:01 -j DROP > > > notice the : (colon) instead of - (minus symbol ) in mac address > representation > > > > > > > > > > > > On Nov 25, 2007 8:09 PM, desant1@xxxxxx <desant1@xxxxxx> wrote: > > > Hi everybody > > I'm using RH ES4 with iptables as gateway/firewall for my > > LAN. > > In the last week i notice in the iptables logs that a host within > > my lan is doing a lot of traffic. > > The destination/source address of the > > packets and the used port suggest that this host is using peerToPeer > > application (emule or similar). > > The problem is that i'm not able to > > identify this host within my LAN: > > I can see his IP address (192.168.x. > > y) and i can find his mac address througth ARP, but i can't ping it and > > there is no host within my lan with this Mac address. > > I can't > > traceroute it. > > Can someone help me to find this hidden host? > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
