Re: filter based on MAC address

From: Fred Ingham (fningham@xxxxxxxxxxxxxxxx)
Date: Sun Aug 12 2001 - 21:58:51 GMT-3

• Next message: Gordon W Skinner: "Re: Code Red - and its workarounds with NBAR"
• Previous message: MM: "Re: Invalid chip id"
• Maybe in reply to: Xuan.Sun@xxxxxxxxxxx: "filter based on MAC address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Xuan: Capture some packets and look at the source MAC address. If it
is a router address then you don't want to filter it. Do a trace and
find the last router/switch before the host. Then look at arp or cam
entries to locate it.

If you have DHCP running on the network the host is probably getting its
address from it. Look at logs. Oft times a "malicious" host is simply
one with a bad NIC.

There are some other tools if you are using token-ring.

HTH, Fred

Xuan.Sun@Seagate.com wrote:
>
> A malicious machine always uses different IP addresses to connect to the
> network. Does anybody know how to disable this machine ? Is there a way to
> use MAC address-type of access list to filter this machine in the router
> before we physically find it ?
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Gordon W Skinner: "Re: Code Red - and its workarounds with NBAR"
• Previous message: MM: "Re: Invalid chip id"
• Maybe in reply to: Xuan.Sun@xxxxxxxxxxx: "filter based on MAC address"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:50 GMT-3