Hello everyone,
Right now, we are facing a security threat in our corporate network. Some machine on the network is trying to send requests to the most critical machine on the network. Yes, IDS rules are in place and they are filtering them out. When the hostname of that machine was resolved, we found out that there is no such machine on the network with this hostname, and even the IP is not assigned by our DHCP. This is a real RED ALERT kind of situation here for us. I am googling the issue of "IDENT SPOOFING", but I really don't get an idea of how we can get hold of the culprit.
Secondly, people on the network have been trying to install password sniffers and other spyware (NETWORK IS SWITCHED). Most of these utilities have an ARP poisoning feature, causing the network to broadcast time and again. Can someone tell me, if I have the time stamp, how I can figure out who on the network installed it? Looking forward to your suggestions...
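As an added example (not from the poster or any answer), here is a small Python script that works both questions from the defender's side: it takes constructed ARP-reply records and a constructed DHCP lease table, flags IPs answered by more than one MAC (the ARP-poisoning symptom), lists address pairs DHCP never leased, and pulls out the MAC that answers for several IPs, each with a first-seen timestamp to match against switch port logs. The log format, addresses and lease table are all assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample: ARP replies ("is-at") captured on a SPAN port (not real data).
ARP_LOG = """\
2009-03-02 09:00:01 is-at 10.0.0.5 00:11:22:33:44:55
2009-03-02 09:00:02 is-at 10.0.0.1 00:aa:bb:cc:dd:01
2009-03-02 09:00:09 is-at 10.0.0.1 00:de:ad:be:ef:99
2009-03-02 09:00:10 is-at 10.0.0.77 00:de:ad:be:ef:99
2009-03-02 09:00:11 is-at 10.0.0.5 00:11:22:33:44:55
"""

# Constructed DHCP lease table (assumed): IP -> MAC the server actually leased it to.
DHCP_LEASES = {
    "10.0.0.1": "00:aa:bb:cc:dd:01",
    "10.0.0.5": "00:11:22:33:44:55",
}

def parse_arp_log(text):
    """Return a list of (timestamp, ip, mac) tuples, oldest first."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            date, time, _op, ip, mac = line.split()
            ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
            entries.append((ts, ip, mac.lower()))
    return sorted(entries)

def find_arp_conflicts(entries):
    """IPs answered by more than one MAC -> {ip: {mac: first_seen}} (poisoning symptom)."""
    first_seen = defaultdict(dict)
    for ts, ip, mac in entries:
        first_seen[ip].setdefault(mac, ts)
    return {ip: macs for ip, macs in first_seen.items() if len(macs) > 1}

def find_rogue_hosts(entries, leases):
    """(ip, mac) pairs seen on the wire that DHCP never leased, with first-seen time."""
    rogue = {}
    for ts, ip, mac in entries:
        if leases.get(ip) != mac:
            rogue.setdefault((ip, mac), ts)
    return rogue

def macs_claiming_multiple_ips(entries):
    """A MAC answering for several IPs is usually the poisoner's own NIC: look it up in the switch CAM table."""
    ips = defaultdict(set)
    for _ts, ip, mac in entries:
        ips[mac].add(ip)
    return {mac: sorted(v) for mac, v in ips.items() if len(v) > 1}
```

The first-seen timestamps are the ones to line up with the switch's MAC-address table and DHCP server logs to find the physical port and user behind the offending MAC.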