![]() ![]() I attempted a crash course in IPv6 and learned that the fe80 prefix means the address is link-local and I can supposedly derive the MAC address from the address. But this network doesn't have a IPv6 DHCP server and arp doesn't seem to speak IPv6. Failing that, I'd ping it, then run arp -a to get its MAC address, which at least gives me the manufacturer. ![]() With an IPv4 device I can look at my DHCP leases to get the device name. I ran tracert and determined it's on the local link and currently online: Tracing route to fe80::113d:d91e:e685:943b over a maximum of 30 hopsġ 9 ms <1 ms 1 ms fe80::113d:d91e:e685:943b I'm a noob when it comes to IPv6 and I've got a machine on my 60+ node network that is part of a malware-spewing botnet. Finally after four days a matching DNS lookup request was made, but to my dismay the request came from the address fe80::113d:d91e:e685:943b. I need to find that device and deal with it, so I enabled logging on my DNS server. My ISP notified me that a device on my network performed a DNS lookup for one of the C&C servers taken offline in the recent law enforcement action against the Avalanche botnet. ![]() I've avoided IPv6 until now, but my blissful ignorance must end. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |