×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

how to find hacker

Unanswered Question
Nov 6th, 2003
User Badges:

Some one modified his workstation' MAC and rebooted his machine.Then he again modified his machine's MAC to origin after he intruded into my computer. My IDS recorded his ip and MAC. How to find which house the hacker's computer is? After the hacker has disconnected,can I find which port of switch his machine used to connect?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lwierenga Sat, 11/08/2003 - 21:25
User Badges:

You will have to give more information on the situation, because it sounds like this is community housing or a dorm? Here is the problem, if the attacker that compromised your system is good enough to get in, then he probably wouldn't be using his IP address, as opposed to spoofing this address. If you have his MAC address then you can compare this address with the addresses in arp table of the switch. Use the sh arp command.

Actions

This Discussion