LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   Hardware address misuse (http://www.linuxquestions.org/questions/slackware-14/hardware-address-misuse-537066/)

srikrishna097 03-13-2007 09:12 AM

Hardware address misuse
 
Im in a university where in , we are required to register our hardware addresses for our internet connection , however someone seems to be misusing the system by using the address to which ive been registered to. He comes online for only for a limited period of time in the day and i need to sniff the person out ,How do i do it??

nx5000 03-13-2007 09:17 AM

Quote:

Originally Posted by srikrishna097
Im in a university where in , we are required to register our hardware addresses for our internet connection

Call them and explain them the problem because there is no easy solution.
Quote:

, however someone seems to be misusing the system by using the address to which ive been registered to. He comes online for only for a limited period of time in the day and i need to sniff the person out ,How do i do it??
Try arpwatch
If he does a mistake, you will get his real mac adress
I have no other legal idea ;)

GrapefruiTgirl 03-13-2007 04:50 PM

Hmm.. Interestng.
I wonder, if you could supply them with your hardware address (MAC address) you'll probably need to work with the system admins of your university and suggest to them to peruse/monitor the server logs looking for your address and where it is connecting from (should be very easy for them to insert a rule into their firewall to react to any specific address), and meanwhile check into overriding your actual hardware address with a software one until the culprit is located, at which point you can switch back to your default HWaddress.
I am not certain, I think as far as overriding your HWaddress you need to use IPtables or something to do with Inetd.. Sorry I can't remember where I just recently came across it on my system, but I'll have a peek around and if you like, post the info.
Best of luck! Darned address thieves Grr :P

GrapefruiTgirl 03-13-2007 04:59 PM

Quote:

#HWADDR[4]="00:01:23:45:67:89" # Overrule the card's hardware MAC address
Ahhh, here it is, from etc/rc.inet1.conf

Not sure what the [4] is for (no pun intended, lol), but there is one on every line of my file.
If stealing an address is (and it likely is) against university policy :) you could change yours and leave the culprit-finding up to the sysadmins.. just remember to register your new address with the system.


All times are GMT -5. The time now is 06:05 AM.