Some one modified his workstation' MAC and rebooted his machine.Then he again modified his machine's MAC to origin after he intruded into my computer. My IDS recorded his ip and MAC. How to find which house the hacker's computer is? After the hacker has disconnected,can I find which port of switch his machine used to connect?
You will have to give more information on the situation, because it sounds like this is community housing or a dorm? Here is the problem, if the attacker that compromised your system is good enough to get in, then he probably wouldn't be using his IP address, as opposed to spoofing this address. If you have his MAC address then you can compare this address with the addresses in arp table of the switch. Use the sh arp command.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...