You didn't say if the network was using NetBIOS over TCP or straight NetBEUI. Since the only address you've captured is the machine address, I'm going to assume you're using a bridged NetBIOS network, in which case you can trace the MAC addresses back through the bridges. Look at the forwarding table to determine which interface the packet comes in on and trace back to the next bridge. Unfortunately, not all bridges allow access to their tables.
I'm sure somewhere there is a utility that enumerates NetBIOS names (netlis13.zip ??) but if not there's a piece of code on the Microsoft Developer's site you can use.
http://msdn.microsoft.com/library/default.asp?URL=/library/psdk/network/netbios_0xv8.htm
-- Bill Stackpole, CISSP
"AEHeald" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/20/01 12:04 PM
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
cc:
Subject: Would anyone know
Hello all;
I have lurked on this list for a year plus and learned a great deal from all
of you.
Right now I am trying to track down a machine(s) and only have the NIC
address as a locator. This is an NT/Netbios network. (All booing should be
considered heard and agreed with) and I need to find out the machine which
is attempting to perpetrate an external DDOS from behind my firewall.
Please let me know your thoughts.
Arian Heald
Sr. Systems Engineer
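
The bridge-by-bridge trace described in the reply at the top of this thread, as an added example that is not part of either message. The bridge names, port numbers, MAC addresses and the dictionary layout are constructed for illustration; how you export a forwarding table depends on the bridge.

```python
import re

def norm_mac(mac):
    """Normalize 00-A0-C9-14-C8-29, 00a0.c914.c829, etc. to 00:a0:c9:14:c8:29."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def trace_mac(bridges, start, mac):
    """Follow forwarding-table entries from bridge to bridge.

    Returns (hops, status). hops is a list of (bridge, port). status is
    'edge' (host hangs off the last port), 'unknown' (no entry, e.g. aged
    out), 'no-access' (table not readable) or 'loop' (tables disagree).
    """
    mac = norm_mac(mac)
    hops, seen, bridge = [], set(), start
    while True:
        if bridge in seen:
            return hops, "loop"
        seen.add(bridge)
        info = bridges[bridge]
        if info["fdb"] is None:          # bridge does not expose its table
            return hops, "no-access"
        fdb = {norm_mac(m): p for m, p in info["fdb"].items()}
        port = fdb.get(mac)
        if port is None:
            return hops, "unknown"
        hops.append((bridge, port))
        nxt = info["links"].get(port)    # port leads to another bridge?
        if nxt is None:
            return hops, "edge"          # no bridge behind it: host port
        bridge = nxt

# Constructed sample data: "fdb" maps MAC -> port, "links" maps port -> neighbor.
BRIDGES = {
    "core":   {"fdb": {"00-A0-C9-14-C8-29": 3, "0010.4b22.0001": 1},
               "links": {3: "floor2", 1: "floor1"}},
    "floor2": {"fdb": {"00:a0:c9:14:c8:29": 7}, "links": {1: "core"}},
    "floor1": {"fdb": None, "links": {1: "core"}},
}

if __name__ == "__main__":
    print(trace_mac(BRIDGES, "core", "00:A0:C9:14:C8:29"))
```

A 'no-access' or 'unknown' result still narrows the search to the segment behind the last hop returned.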
