Rogue nodes, ARP, MAC, ICMP and SIGSPY
With many laptops, you must set the file system type to LBA in BIOS to
get Linux to work. Even some desktops require it. YMMV
>We have an interesting problem that appeared a couple of days ago.
>I noticed that the ICMP traffic was getting a little high so I built a
>ram disk and installed iptraf to see what was going on.
>After running up iptraf I could see that someone had assigned themselves a
>static IP and appeared to be pinging the network pretty hard. I'm not
>going to rule out the possibility that they are infected with a virus
>but the simple fact is they have chewed through a fair whack of
>On doing an ARP I found their MAC address and did a sigspy so as to
>estimate where they may have been, but was not really able to get a
>very good idea.
>
>It then occurred to me that SIGSPY is a passive signal level scanner
>and I was wondering if it would be possible to set up a separate machine
>and use sigspy to triangulate the location of the offending system. I had
>tried to install Knoppix on my system but for some reason my laptop
>fails to load it.
>
>What would be nice is a bootable CD that has the relevant tracking
>tools so as to sniff the packets and requests from a client and look at the
>relevant signal levels. Has anyone come across such a system?