help please - static ip

Guest

Hi,

I need help ASAP. All I have to work with is an IP address and a computer
name.

Someone has taken the liberty of assigning themselves a static IP address on
the network. I do not know who owns the machine. I cannot remotely attach
to it either. I need a way to block this machine. My switches are old and
cannot be configured to block ports. I do not know if it is a Windows
machine or not. I have used remote shutdown and it does not work. I have
tried to use arp to change its MAC address - that seems to work but I cannot
take it any further. I need some ideas on how to stop this as it may be a
security issue. I am in a Windows 2003 Server environment. All machines are
Windows XP SP1.

This has already created problems as they used an IP address that was
already allocated and that is how I found out about this machine.

Thanks
 
Guest

Maybe try using PsLoggedOn.exe from sysinternals.com to see who is logged on
to the offending system?
 
Steven L Umbach

Use something like Superscan4 to scan that IP address using the enumeration
option to find out as much information as possible about that IP address.
That may give you info on the operating system and a whole lot more unless
the user has a software/firewall blocking access. Since you don't have more
current managed switches, you will find it much more difficult to track down,
involving a lot of legwork. You might have to systematically unplug cables
from your switches while you are attempting to ping the IP address to try
and track down where it is physically. I hope you have a security policy in
place that prohibits the use of unauthorized computers/devices on the
network with stiff consequences, otherwise the user will just say oops -
sorry.

You can configure an IPsec filtering policy with a block filter action to
block access for that IP address to your domain computers and you might
configure your firewall to block outbound access from that IP for internet
access. Of course the user may just change his IP address when he finds he
cannot get the access he wants. You should also check the security logs on
your domain controllers for account logon/logon events that show the name of
the computer, which may lead you to the user. You can use the free tool from
MS called Event Comb to search for text strings that could be a computer
name. Pinging the IP address with the -a option would show the computer
name [assuming you can ping it], as could looking at your DNS and WINS
records, or it may show in My Network Places. --- Steve

http://www.foundstone.com/index.htm...&subcontent=/resources/proddesc/superscan.htm --- Superscan4
http://www.securityfocus.com/infocus/1559 --- how to configure an IPsec filtering policy
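
The domain controller log search suggested above, as an added example that is not part of the original thread: it matches the known computer name and IP address as whole field values, so a plain text search hitting `ROGUEPC2` or `192.0.2.157` does not mislead you, and it lists the user accounts tied to that host. The log layout, field labels, host name, address and account names are all constructed assumptions; adjust them to your own export.

```python
import re
from collections import Counter

# Constructed sample: one exported Security event per line, "event id|time|description".
SAMPLE_LOG = """\
680|2005-03-01 08:14:02|Logon account: jsmith Source Workstation: ROGUEPC Error Code: 0x0
540|2005-03-01 08:14:03|User Name: jsmith Domain: CORP Logon Type: 3 Workstation Name: ROGUEPC Source Network Address: 192.0.2.57
672|2005-03-01 08:14:01|User Name: jsmith Supplied Realm Name: CORP Client Address: 192.0.2.57
540|2005-03-01 08:20:44|User Name: ROGUEPC$ Domain: CORP Logon Type: 3 Workstation Name: - Source Network Address: 192.0.2.57
540|2005-03-01 09:01:10|User Name: adavis Domain: CORP Logon Type: 3 Workstation Name: DESK-114 Source Network Address: 192.0.2.157
680|2005-03-01 09:30:00|Logon account: bjones Source Workstation: ROGUEPC2 Error Code: 0x0
"""

# Assumed field labels; each regex captures the single token after the label.
FIELD = {
    "user": re.compile(r"(?:User Name|Logon account):\s*(\S+)"),
    "host": re.compile(r"(?:Workstation Name|Source Workstation):\s*(\S+)"),
    "addr": re.compile(r"(?:Source Network Address|Client Address):\s*(\S+)"),
}


def accounts_seen_from(log_text, computer_name, ip_address):
    """Count events per user account that came from the given host name or IP."""
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split("|", 2)
        if len(parts) != 3:
            continue  # skip malformed or wrapped lines
        desc = parts[2]
        found = {}
        for key, rx in FIELD.items():
            m = rx.search(desc)
            found[key] = m.group(1) if m else ""
        # Compare whole field values, never substrings of the description.
        same_host = bool(computer_name) and found["host"].upper() == computer_name.upper()
        same_addr = bool(ip_address) and found["addr"] == ip_address
        if not (same_host or same_addr):
            continue
        user = found["user"]
        if not user or user.endswith("$"):
            continue  # machine accounts do not identify a person
        hits[user.lower()] += 1
    return hits


if __name__ == "__main__":
    for account, count in accounts_seen_from(SAMPLE_LOG, "ROGUEPC", "192.0.2.57").most_common():
        print(account, count)
```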
 
