Tracking an IP address?

Priapus

Priapus

Priapus

Soldato
Joined
30 Jul 2004
Posts
10,572
Location
East Sussex, UK
Howzit guys.

I've got a network with 15 computers all setup with static IP addresses. I also have a web server in place, that filters all internet traffic. It gives me weekly and monthly reports.

So looking over the reports I can see two IP addresses; 192.168.2.3 and 192.168.2.4. These two clients are using a lot of bandwidth. :(

I have tried to ping both addresses in CMD with no response. Is there any way to block both addresses to all internet and network traffic and if possible find out where they are coming from?

I also have a wifi network up so my thoughts are that someone else is on the network. :mad:

Any help would be greatly appreciated! :D
 
can you not filter it at the webserver:

"I also have a web server in place, that filters all internet traffic"

failing that you could block it at your gateway firewall / router?

Im guessing this is dhcp, so the ip address is prone to change - take the mac address for the offenders from the arp table on your router / switch and block that?
 
Ice On Fire said:
Howzit guys.

I've got a network with 15 computers all setup with static IP addresses. I also have a web server in place, that filters all internet traffic. It gives me weekly and monthly reports.

So looking over the reports I can see two IP addresses; 192.168.2.3 and 192.168.2.4. These two clients are using a lot of bandwidth. :(

I have tried to ping both addresses in CMD with no response. Is there any way to block both addresses to all internet and network traffic and if possible find out where they are coming from?

I also have a wifi network up so my thoughts are that someone else is on the network. :mad:

Any help would be greatly appreciated! :D
Click to expand...

what makes you think someone else is on your network?

don't you have it secured?

is it not likely to be one of those 15 boxes with a .3 and .4 address?

if it does turn out to be someone on your network, then secure it. not with wep or mac filtering, but with wpa.
 
I have WPA in place but it's a simple key for some reason. The web filter cannot block one IP address from the internet. Hence it needs to be done at the gateway.
 
Why not update the WPA key and/or disable wireless for the most part. Disable DHCP too and also move your network to a different IP range (e.g. 192.168.45.xxx). It'll probably confuse someone trying to jump onto your wireless network.

Change the WPA key at least once a month too.
 
use wpa-psk

go here and use one of those randomly generated 64 hex passwords and give each box it.

https://www.grc.com/passwords.htm

you will have no more visits from now on.

its probably someone connecting unknowingly with zero config enabled. its in its nature to search for a stronger signal without user intervention, hence its name.


edit, well just thought it cant be casual piggy backers as user intervention must be at play here as you said you do have it enabled but with weak password.

are you sure its not your boxes? .3 and .4 would mean they would be the 3rd and 4th computers to connect to your network. dhcp is sequential.

after you have set up wpa, i would also as a precautionary measure, limit the range dhcp has to assign addresses. like 192.168.2.1 - 192.168.2.15. and if your xomputers are connected 24/7 all the slots will be taken anyway.
 
Last edited:
Hi.

Aekeron: I will be changing the WPA every month or so. :) I will also disable DHCP a bit later when no one is on the network.

Dogoid: Excellent idea I will use the above linky.

I've set all machines to a .101, .102 ect addresses, so, .3. and .4 would be open. Limiting the IP addresees might cause more hessel, me thinks? :(

Will give this ago a let you know how I get on!
 
As Dogoid suggested, leaving DHCP on but limiting the IP range could work pretty well. I guess it depends on whether or not you often have additional PCs connected to the network.

Do you really need the wireless to be turned on? And if so, do you need it 24/7? Some APs/routers support scheduling so you could just have it on at certain times and/or just turn it on when needed (will probably make the wifi-stealers look elsewhere).
 
You must log in or register to reply here.
Back
Top Bottom