Unknown Device on Network

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
  

Minesh
Senior Member
 

Unknown Device on Network

Post Posted: Feb 26, 08 16:55

Hi,

We have an unknown device's IP address and are unable to locate it, but have found the MAC address begins E2-12-1D (Unknown OUI). As yet, we are unable to identify what it is, or whether it is a spoofed MAC. It's showing up as an NTP server, but doesn't respond to pings etc.

Suggestions welcome,

Thanks

Minesh

EDIT: Had to get onto Networking guys and they have pinpointed the location of the device... will investigate later.  

Last edited by Minesh on Feb 26, 08 18:00; edited 4 times in total
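
Added example, not part of the original thread: the first octet of the prefix quoted above, E2, has the locally administered (U/L) bit set, which means the address was assigned by software or an administrator rather than taken from a vendor's IEEE block, so an OUI registry lookup has nothing to match. The sketch below checks that bit and applies it to an ARP table; the function names are illustrative, and the ARP lines are constructed sample data (only the E2-12-1D prefix comes from the post).

```python
import re

# Constructed sample in the layout of Windows `arp -a` output. Only the
# E2-12-1D prefix comes from the post; IPs and remaining octets are made up.
SAMPLE_ARP = """\
  Internet Address      Physical Address      Type
  192.0.2.10            00-00-5e-00-53-01     dynamic
  192.0.2.23            e2-12-1d-00-00-01     dynamic
  224.0.0.251           01-00-5e-00-00-fb     static
"""

def parse_mac(text):
    """Accept E2-12-1D, e2:12:1d:.., e212.1d00.0001; return 3 to 6 raw bytes."""
    digits = re.sub(r"[-:.]", "", text.strip())
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}){3,6}", digits):
        raise ValueError(f"not a MAC address or OUI prefix: {text!r}")
    return bytes.fromhex(digits)

def classify_mac(text):
    raw = parse_mac(text)
    group = bool(raw[0] & 0x01)   # I/G bit: 1 = multicast/broadcast
    local = bool(raw[0] & 0x02)   # U/L bit: 1 = locally administered
    return {
        "prefix": raw[:3].hex("-").upper(),
        "group": group,
        "local": local,
        # Only universally administered unicast addresses carry an
        # IEEE-assigned OUI, so only those are worth a registry lookup.
        "oui_lookup_applies": not group and not local,
    }

def triage_arp(table):
    """Return (ip, mac) pairs whose MAC is unicast but locally administered."""
    flagged = []
    for line in table.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            info = classify_mac(fields[1])
        except ValueError:
            continue  # header line or non-MAC column
        if info["local"] and not info["group"]:
            flagged.append((fields[0], fields[1]))
    return flagged

if __name__ == "__main__":
    print(classify_mac("E2-12-1D"))
    print(triage_arp(SAMPLE_ARP))
```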
 
  

azrael
Senior Member
 

Re: MAC Address Database?

Post Posted: Feb 26, 08 17:03

First hit in Google?

standards.ieee.org/reg...ndex.shtml

:P
_________________
--
Azrael
-- 
 
  

Minesh
Senior Member
 

Re: MAC Address Database?

Post Posted: Feb 26, 08 17:11

Sorry, forgot to edit the first bit out of my post.

I suppose the question is, does anyone know how we can identify this unknown device?

Minesh  
 
  

iruiper
Senior Member
 

Re: Unknown Device on Network

Post Posted: Feb 26, 08 18:03

And haven't you been able to traceroute it until some very specific point?  
 
  

Minesh
Senior Member
 

Re: Unknown Device on Network

Post Posted: Feb 26, 08 18:12

It didn't respond to ping or tracert. We tried all we can from our end, but in the end got the networking guys to pinpoint its location.

Would be great if there was another way though.

Minesh  
 
  

keydet89
Senior Member
 

Re: Unknown Device on Network

Post Posted: Feb 26, 08 18:47

- Minesh
It didn't respond to ping or tracert. We tried all we can from our end, but in the end got the networking guys to pinpoint its location.

Would be great if there was another way though.


In this thread so far, I've seen no mention of either SNMP or nmap.

Also, if this system was identified as an NTP server, how was this done? Traffic analysis? If so, you might consider using p0f and targeting just that system by IP.  
 
  

Minesh
Senior Member
 

Re: Unknown Device on Network

Post Posted: Feb 26, 08 19:42

Thanks Harlan...

NMAP has found that it's running XP Home in French Language, so that helps us a bit! The NTP server was discovered using the old SourceForge NetTime (why it's still used I do not know). Will give p0f a go.

Totally forgot about NMAP!

Cheers

Minesh  
 
