From: Chuck Church (cchurch@xxxxxxxxxxxx)
Date: Mon Aug 13 2001 - 20:24:33 GMT-3
Xuan,
There are many ways to do this. Is it a Windows network? How do
you know when the malicious machine is on? Does it always show up in
network neighborhood with the same name? Once you know it's on, you should
be able to find it's IP address. Once you've got that, you've got the MAC
address. Assuming you've got manageable switches, you should be able to
narrow it down to a switch port by looking at the CAM table. Hopefully your
patch panel is labeled and you have a map of where your network drops are.
If your switches aren't manageable or are hubs, try pulling out or disabling
all unused ports. Good luck.
Chuck
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Xuan.Sun@Seagate.com
Sent: Monday, August 13, 2001 5:25 PM
To: ccielab@groupstudy.com
Subject: filter based on MAC address
A malicious machine always uses different IP addresses to connect to the
network. Does anybody know how to disable this machine ? Is there a way to
use MAC address-type of access list to filter this machine in the router
before we physically find it ?
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:50 GMT-3