My servers and the machines where I do my troubleshooting are running Windows. How can I determine which device on my network has this IPv6 address? None of the OUI lookup tools recognize it and it doesn't appear in my IPv4 DHCP leases. Convert between unix timestamp and datetime formats. I tried that and get the MAC 13:3d:d9:85:94:3b. This also works in modern Windows and *nix versions, however this does not work in legacy software, so ipv6. For example, in Apache HTTP Server: IPv6 addresses must be surrounded in square brackets. I attempted a crash course in IPv6 and learned that the fe80 prefix means the address is link-local and I can supposedly derive the MAC address from the address. To use an IPv6 address in a URL, UNC path, *nix command line, configuration file, file name parsing, etc., often it must be converted to a literal address. But this network doesn't have an IPv6 DHCP server and arp doesn't seem to speak IPv6. Failing that, I'd ping it, then run arp -a to get its MAC address, which at least gives me the manufacturer. With an IPv4 device I can look at my DHCP leases to get the device name. I ran tracert and determined it's on the local link and currently online:

Tracing route to fe80::113d:d91e:e685:943b over a maximum of 30 hops
  1     9 ms    <1 ms     1 ms  fe80::113d:d91e:e685:943b

I'm a noob when it comes to IPv6 and I've got a machine on my 60+ node network that is part of a malware-spewing botnet. Finally after four days a matching DNS lookup request was made, but to my dismay the request came from the address fe80::113d:d91e:e685:943b. I need to find that device and deal with it, so I enabled logging on my DNS server. My ISP notified me that a device on my network performed a DNS lookup for one of the C&C servers taken offline in the recent law enforcement action against the Avalanche botnet. I've avoided IPv6 until now, but my blissful ignorance must end.