Incidents
Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only Apr 12 2006 06:12PM
tsteeves uvic ca (1 replies)
Take an IP from the source host network and add it as a secondary IP on the routed interface for the vlan - for the 0.10.94.27 host add "ip address 0.10.94.254 secondary" to the router. Then do a broadcast ping from the router - ping 0.10.94.255. Then show the arp cache for the vlan - show ip arp vlan xxx | include 0.10.94. - Do you see any entries besides the router interface? If no, you probably have a misconfigured/buggy device on the network. If there are entries, you will be provided with MAC addresses which you can track down easily to the switchport in question. I use this technique to track down rougue DHCP servers, Access Points etc.

[ reply ]
RE: Bogon IPs traffic only seen by netflow, confined within a VLAN only Apr 12 2006 10:17PM
David Gillett (gillettdavid fhda edu) (1 replies)
Re: Bogon IPs traffic only seen by netflow, confined within a VLAN only Apr 13 2006 07:02AM
lupe lupe-christoph de (Lupe Christoph)


 

Privacy Statement
Copyright 2010, SecurityFocus