On another note, I know somebody that keeps a database of MAC addresses, it seems it is a very colorful idea to keep it, just incase for situations like these :) Use a MySQL database and a PHP script. Keep it filed off on some CD, since you might really want this data secure.
Keep that in mind when you build your huge corporate network, or add machines. For now, if you feel suspicious about the machine, lock it down by stopping all traffic between it and the router if you feel somebody is accessing the network through it or if the data seems too suspicious. I usually advise sniffing the traffic first, however it seems that your situation might be dire, so stop traffic first and see what pops up after you trace down the physical computer and the user responsible. I'm sure however if you search on the net, you'll find some type of software that can do that. I'm not so certain if some Cisco firewalls will allow you to do so. David >From: Jonas M Luster <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Re: FW: Tracing physical machines on DHCP networks >Date: Sun, 14 Jul 2002 14:50:43 -0700 > >Quoting Blaxes ([EMAIL PROTECTED]): > > > Is there any ip management software that logs dhcp assignments to user > > logon on at the firewall with time and date stamps ? > >Why don't you just grab the IP address, get the MAC address from the >switch and the associated Port and use that as a way to find your >machine? > >jonas > >-- >Jonas M Luster -- d-fensive networks, Inc. -- http://www.d-fensive.com _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
