Tracking down the phantom host
Most information systems security professionals are familiar with the procedures for identifying malicious traffic among their routine data, and many of the same professionals are familiar with the forensic procedures required once you have identified a compromised host. But on more than one occasion, I have been asked how to locate a problem host when you are not sure where it is physically located.
This problem can arise innocently, such as when network wiring diagrams are not kept up to date, or not so innocently, such as when a less-than-trustworthy administrator decides to put a web server on the company's DMZ so as not to use all the available bandwidth on his home cable modem.