What kind of switch do you have?

Most managed switches have the ability to show what mac addresses are living on what port on the switch.

Most printers have the ability to print out a configuration page that tells you the MAC, IP, DNS settings etc etc etc.

cd1zz is gracefully exiting this conversation

Good luck!

I vote OSCP! Here's my review:

http://networkadminsecrets.blogspot.com/2010/12/offensive-security-certified.html

I agree -- if you're just starting, the OSCP might scare the living crap out of you. Start a little lower and then hit the OSCP.

Dude you're confusing the shit out of me. If you've found the port on the patch panel what seems to be the problem? Cant you just trace the cable to the switch? You might want to provide as many details a possible so people can help you. Based on your original question:

"I was wondering if is there any way that I could trace a mac (one from a workstation) so I could know the switch that this machine is liked to, then I could easily find the port in cause."

It sounds like you're trying to find the port that the multifunction printer is located on the switch? Please provide more details and be much more specific.

An analog device is not going to light up an ethernet switch port. Nor will it have a MAC address as you were asking in your first post. You're going to have to tone this out with a network toner from the port on the wall to your patch panel.

oh i see, you're converting it to VOIP and then back again. I wonder if your ATA's are busted? Do you get LED activity lights on your ATA adapters? If the ATAs are good, and you still don't see any LEDs drop off the switch when you unplug it, there must be another switch along the way - or this drop goes to a different place than you think it does.

Also, make sure on your switch that your LED lights are set to "activity" some switches have settings like "enabled" or the duplex setting.

However, I'm thinking this port doesn't go where you think it does otherwise the toner would have found it.

Its pretty entertaining, do a search on twitter for @LIGATT -- people bitch about him every day about some shady thing he's up to.

Is this an analog fax machine?

There is nothing that I know of that when you double click it will shout at you that "this system has been compromised." Your client antivirus would be the closest I can think of. You're in the realm of investigation here.

I would start with the basic stuff.... Do a netstat and see what connections there are, do any of them look goofy? IE Do you see an https connection from the domain controller out to an IP in China? Use FPORT to see what processes are making what connections. Do you see any weird processes in taskmanager? Do you see imstealingallyourstuff.exe in taskmgr? Things like this would be a good place to start. Other than that you would have to look at an IDS, packet capture etc. Those links above are really what you want to look at....

If the system has been compromised well enough......you wont ever know.... muuuahhhaa.

Do it the hard way - at the end of the day look at your switch and see which lights are active, write them all down.

Go unplug your new device and then check the switch to see which port has turned off.

Those are good and here are a few others that I have used:

http://www.ucl.ac.uk/cert/win_intrusion.pdf
http://zeltser.com/log-management/security-incident-log-review-checklist.html
http://zeltser.com/network-os-security/security-incident-survey-cheat-sheet.html
http://zeltser.com/network-os-security/security-incident-questionnaire-cheat-sheet.html

It certainly is. There may be a vulnerability, but if there is no measurable threat, then you have no risk so you're probably better off focusing on other issues.

If this is on your home network, on the LAN side then don't worry about those. If you're not using telnet to your router then turn that service off. Rule of thumb....turn everything off and then only turn on stuff you need.

If this was from the outside in, you'd have some issues but these are minuscule compared to other issues you may encounter on your network, IE bad wifi security, poor client security/patching etc etc etc.....

R2 is fine - that's what I'm using.

Do you have additional information on the 5 vulns it found? I've only found 2 DOS issues that that device has in regards to the web interface. The DOS may only be that which would be a nuisance on a home network but obviously more of an issue on a business network. Keep in mind that a DOS may actually be more than that, it could be that the researcher just didn't do enough work to get code execution and stopped at the DOS.

If there are no firmware updates for that device then you wont be able to remediate those vulns. However, you can mitigate your risk by making sure that the web interface is not exposed externally or using a different OS on the device like you mentioned. DD-WRT is actively maintained but like anything else, has its own issues:

http://www.exploit-db.com/search/?action=search&filter_page=1&filter_description=dd-wrt&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve=

If I were you... I'd try to bust into that thing and see for yourself how big of a risk those vulns are!