Monday, March 26, 2018

Help locating spurious packet sources

I'm running a Cisco network in a hospital, and have isolated all medical devices on their own VLANs with ACLs applied (a recommendation since last year's WannaCry).

I'm now seeing in the log IP addresses that aren't part of our internal network (192.168. sources and destinations). Now I need to locate where this is coming from. Many medical device suppliers run their own private networks behind a device for their own internal operation, but something somewhere is leaking through.

Any tips on locating these sources? They're unrouted on the LAN, so they will always follow the default route, and as such I've no way of tracing back where they've come from. Without sticking Wireshark onto each individual device through a mirror port to see what's coming through, I've got no idea how to quickly trace them back.

Any help is appreciated.
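One practical way to answer the question above, added here as an example and not part of the original post: instead of mirroring ports one device at a time, let the ACLs that already sit on the medical-device VLANs do the tracing. Cisco IOS ACL entries configured with the `log-input` keyword (an assumption: the post does not say which logging keyword is in use) append the ingress interface and the source MAC address to each `%SEC-6-IPACCESSLOG*` syslog message. The script below parses such messages, keeps only the foreign 192.168.x.x sources the post describes, aggregates them by source IP, ingress VLAN and MAC, and prints the `show mac address-table address <mac>` lookups that reveal the physical port. The syslog lines, VLAN names, MACs and ACL name are constructed sample data.

```python
"""Map stray 192.168.x.x sources seen in Cisco ACL logs back to an ingress
interface and source MAC, so the offending switch port can be located with
'show mac address-table address <mac>'.

Assumptions (not from the original post): the ACL deny entries carry the
'log-input' keyword, which makes IOS append '(<ingress interface> <source MAC>)'
after the source address in %SEC-6-IPACCESSLOG* messages, and 192.168.0.0/16
is foreign to the hospital LAN, as the post states.
"""
import ipaddress
import re
from collections import defaultdict

# Address space the post describes as not belonging to the internal network.
FOREIGN_NETS = [ipaddress.ip_network("192.168.0.0/16")]

# %SEC-6-IPACCESSLOGP  : TCP/UDP, ports in parentheses after each address
# %SEC-6-IPACCESSLOGDP : ICMP, "(type/code)" after the destination
# %SEC-6-IPACCESSLOGNP : other IP protocols, no ports
ACL_LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:P|DP|NP): list (?P<acl>\S+) "
    r"(?P<action>permitted|denied) (?P<proto>\S+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?:\((?P<sport>\d+)\))? "
    r"\((?P<ifname>\S+) (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\) "
    r"-> (?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?:\((?P<dport>\d+)\))?"
    r"(?: \(\d+/\d+\))?, (?P<count>\d+) packets?",
    re.IGNORECASE,
)

# Constructed sample syslog lines in the log-input format (not real hospital data).
SAMPLE_LOG = """\
Mar 26 09:12:01.123: %SEC-6-IPACCESSLOGP: list MEDDEV-IN denied tcp 192.168.1.20(1030) (Vlan210 0011.2233.4455) -> 10.20.5.7(445), 1 packet
Mar 26 09:12:02.456: %SEC-6-IPACCESSLOGP: list MEDDEV-IN denied udp 192.168.1.20(137) (Vlan210 0011.2233.4455) -> 192.168.1.255(137), 3 packets
Mar 26 09:12:05.789: %SEC-6-IPACCESSLOGDP: list MEDDEV-IN denied icmp 192.168.50.9 (Vlan230 00aa.bbcc.ddee) -> 10.20.0.1 (8/0), 1 packet
Mar 26 09:13:10.001: %SEC-6-IPACCESSLOGP: list MEDDEV-IN permitted tcp 10.20.5.7(443) (Vlan210 0050.56aa.0001) -> 10.20.9.1(50123), 1 packet
Mar 26 09:14:00.222: %SEC-6-IPACCESSLOGP: list MEDDEV-IN denied tcp 192.168.1.20(1031) (Vlan210 0011.2233.4455) -> 10.20.5.7(445), 2 packets
"""


def is_foreign(ip_text):
    """True if the address falls in a range that should not exist on the LAN."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in FOREIGN_NETS)


def locate_spurious_sources(log_text):
    """Return {(src_ip, ingress_interface, src_mac): packet_count} for foreign sources.

    Lines that do not match the ACL log format, or whose source is a legitimate
    internal address, are ignored.
    """
    summary = defaultdict(int)
    for line in log_text.splitlines():
        m = ACL_LOG_RE.search(line)
        if not m or not is_foreign(m["src"]):
            continue
        key = (m["src"], m["ifname"], m["mac"].lower())
        summary[key] += int(m["count"])
    return dict(summary)


def mac_lookup_commands(summary):
    """IOS commands that show which switch port learned each offending MAC."""
    macs = sorted({mac for (_, _, mac) in summary})
    return [f"show mac address-table address {mac}" for mac in macs]


if __name__ == "__main__":
    found = locate_spurious_sources(SAMPLE_LOG)
    for (src, ifname, mac), count in sorted(found.items()):
        print(f"{src:<16} via {ifname:<8} mac {mac}  ({count} packets)")
    print("\nNext, on the switch that owns those VLANs:")
    for cmd in mac_lookup_commands(found):
        print("  " + cmd)
```

The MAC reported is that of the last layer-2 hop that forwarded the packet. If a supplier's equipment sits behind its own gateway or NAT box, the MAC will belong to that gateway rather than the end device, which is still the port worth visiting; if the packets arrived over a routed uplink, the MAC belongs to the upstream router and the search moves one hop further out.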
