how to find hidden host within LAN
Chuck
chuck.carson at gmail.com
Sun Nov 25 18:27:58 UTC 2007
By the way, I would also recommend placing an IDS (intrusion detection
system) in a strategic place in your network. They can be implemented
in a manner where they are "hidden" on the network by not using an IP
address, these "shadow boxes" as they are called are very usefull in
finding stuff like this out. Check out snort and their used to be a
decent front end for snort called acid. (not sure if acid is still
around or been renamed or whatever - its been years since I worked
somewhere they would't spring for a Cisco IDS.
-Chuck
On Nov 25, 2007 6:39 AM, desant1 at tin.it <desant1 at tin.it> wrote:
> Hi everybody
> I'm using RH ES4 with iptables as gateway/firewall for my
> LAN.
> In the last week i notice in the iptables logs that a host within
> my lan is doing a lot of traffic.
> The destination/source address of the
> packets and the used port suggest that this host is using peerToPeer
> application (emule or similar).
> The problem is that i'm not able to
> identify this host within my LAN:
> I can see his IP address (192.168.x.
> y) and i can find his mac address througth ARP, but i can't ping it and
> there is no host within my lan with this Mac address.
> I can't
> traceroute it.
> Can someone help me to find this hidden host?
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
More information about the redhat-list
mailing list