Network Security: Detailed info on Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only

from [tsteeves] Network Security

[Permanent Link]

Subject:	Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only
Date:	12 Apr 2006 18:12:28 -0000

Take an IP from the source host network and add it as a secondary IP on the 
routed interface for the vlan - for the 0.10.94.27 host add "ip address 
0.10.94.254 secondary" to the router. Then do a broadcast ping from the router 
- ping 0.10.94.255. Then show the arp cache for the vlan - show ip arp vlan xxx 
| include 0.10.94. - Do you see any entries besides the router interface? If 
no, you probably have a misconfigured/buggy device on the network. If  there 
are entries, you will be provided with MAC addresses which you can track down 
easily to the switchport in question. I use this technique to track down rougue 
DHCP servers, Access Points etc.

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Bogon IPs traffic only seen by netflow, confined within a VLAN only, Stef Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Roland Dobbins Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Valdis . Kletnieks Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Roland Dobbins Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Stef Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Roland Dobbins Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, AJ Cochenour Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, stcroix111 Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, tsteeves <= RE: Bogon IPs traffic only seen by netflow, confined within a VLAN only, David Gillett Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, Lupe Christoph

Previous by Date:	RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly, Jose Nazario
Next by Date:	RE: Bogon IPs traffic only seen by netflow, confined within a VLAN only, David Gillett
Previous by Thread:	Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only, stcroix111
Next by Thread:	RE: Bogon IPs traffic only seen by netflow, confined within a VLAN only, David Gillett
Indexes:	[Date] [Thread] [Top] [All Lists]