[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Rouge System

Posted on 2004-08-11
5
Medium Priority
?
225 Views
Last Modified: 2013-12-04
This might sound like a simple question but I am kind of new to the security side of networking.  How am I able to find a rouge system on my network?  I ran GFI's Langaurd and it came back with the IP address it is using and also says it is probably a Unix box.  It is running Samba 2.2.3a(build26).  But when I look for it in active directory users and computers it does not show up.  The Unix box has three open ports 139,110,25.  I can ping it but can't trace it down.  Any suggestions are exteremly invited.


Thank you,
Erick
0
Comment
Question by:ebouza
2 Comments
 
LVL 11

Expert Comment

by:cfairley
ID: 11774773
Erick,

I would not show up in AD because it does not have a Domain account.  I would try the following:
nslookup "ip address"

This should give you the DNS name for the box.  Also, search for the IP address in DHCP and/or WINS to get the name for the box.

Just some suggestions, I'm not a security expert either.

Thanks,
0
 
LVL 14

Accepted Solution

by:
dlwyatt82 earned 1000 total points
ID: 11775861
If you already have the machine's IP addres, but don't know where to physically find it, I hope you have a managed switch :)
The LanGuard software you mentioned may have also given you the MAC address of the rogue system. If it didn't, you can obtain this information through windows by:

Going to a Windows PC on the same subnet as the rogue system
Pinging the rogue system's IP address.
Run "arp -a" from a command prompt to get the MAC address.

Once you have that, log onto your managed switch for that vlan / subnet, and find out which port the rogue system is plugged into. Once you know which port the culprit is using, you can walk straight to the PC and find out what's going on (assuming you have well-documented cable runs between your patch panel and wall jacks). You also have the option of just unplugging the rogue system's network cable from the switch if you are worried about security and you are sure it is NOT supposed to be on your network.
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question