Results 1 to 5 of 5
  1. #1
    4 Star Lounger pccoyle's Avatar
    Join Date
    Apr 2001
    Location
    Auckland, Auckland, New Zealand
    Posts
    535
    Thanks
    3
    Thanked 2 Times in 2 Posts

    Identifying IP Address

    Black Ice detected a probe which has an apparent internal address, but i outside our scope. I have tried telnet and finger to try and obtain further details about this IP address, but connections failed.
    Nothing shows up in the DNS, or DHCP, but in WINS the name shown in Black Ice has a different IP address, that is not currently active in DHCP.
    Any ideas as to what is happening or what commands I can use to obtain further details, as this is puzzling me
    Paul Coyle
    Approach love and cooking with reckless abandon

  2. #2
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Identifying IP Address

    Do you have any other details on the probe? Are you certain BlackIce is not giving a false alert of some kind?

    One thing that may help shed some light is PATHPING, which exists under Win2000 and XP. It has a few options available to use as well. Also, consider a PING -a to resolve the address back to a host name, and see if you get anything recognizable. NBTSTAT is yet another command that may help. Try entering these at a command line with the /? switch to see all of your options and choose the ones that apply.

    If you are concerned about it happening again, you could use a packet sniffer such as Ethereal to try and track more information down. If you use this tool, though, make sure you are not going to p*** off anyone at a higher level in the company; most places do not look kindly upon these tools because of the potential for abuse.
    -Mark

  3. #3
    4 Star Lounger pccoyle's Avatar
    Join Date
    Apr 2001
    Location
    Auckland, Auckland, New Zealand
    Posts
    535
    Thanks
    3
    Thanked 2 Times in 2 Posts

    Re: Identifying IP Address

    Thanks again Mark. Took a bit of hunting but discovered that we had a contractor on site and he had plugged into the network, giving himself a static address without letting us know. No wonder I was confused. His NIC card has two address which is why Wins was showing a different IP.
    Paul Coyle
    Approach love and cooking with reckless abandon

  4. #4
    Uranium Lounger
    Join Date
    Jan 2001
    Location
    Cincinnati, Ohio, USA
    Posts
    7,089
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Identifying IP Address

    If I might, how did you end up determining the source of the IP address?
    -Mark

  5. #5
    4 Star Lounger pccoyle's Avatar
    Join Date
    Apr 2001
    Location
    Auckland, Auckland, New Zealand
    Posts
    535
    Thanks
    3
    Thanked 2 Times in 2 Posts

    Re: Identifying IP Address

    It was a mix of tracking and human recollection. Used DameWare to try and identify what was happening, to download the client side to this address so I could have a look at the 'device'. However as a password box popped up, I presumed that it was a PC was running 200 or XP. I then mentioned to our system engineer about the two IP addresses, and he said, sounds as though the NIC card is configured with two address. Then the human 'bingo', he recalled that we were updating the PLC's firmware for our foam machine, so a call to the foam plant, "Is there an engineer on site who has plugged into our network?" Yep. The cheeky sod had looked at a local PC, then set up his address so access the PLC's.
    Fortunately for us our configuration does mean that he would not have been able to get through our firewall to the outside, and if any malware started pinging local PC's they would not find any shares, and we would receive an alert.
    All in all it was a frustrating exercise to find a 'stranger' when a telephone call from one of our foam plant engineers asking for an access point would have saved a lot of time. More education needed.
    Thanks for you help and interest Mark
    Paul Coyle
    Approach love and cooking with reckless abandon

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •