
Rogue Private IP showing up in Firewall

macgyver0099_1
Level 1

Hello,

 

We have an ASA5545 running IOS version Cisco Adaptive Security Appliance Software Version 9.8(3)29, and we keep getting active communication hits to several of our conference bridges from a private IP of 192.168.1.83, which we initially identified as a device in one of our foreign offices. We could ping the IP in question and found a reference to it in our company DNS. But after identifying it as a device that did not need access to our bridges at all, we couldn't figure out why we would see hits on the firewall coming from it.

 

Before denying the IP in the firewall to our bridges, we wanted to try to find out more about it, since the IP still belongs to our foreign office private IP space, and blocking it could create problems down the road should we wish to re-assign the IP. Therefore, we decided to change the IP to another in the same subnet and then confirmed we could no longer ping the old IP. However, after clearing the firewall connections pertaining to the old IP, we found them begin to re-form again.

 

So my question, therefore, is how can I identify this rogue device in a manner other than simply blocking it and seeing if someone on our network complains?

 

 

Accepted Solutions

Hi,
Run a packet capture on the ASA to/from that rogue IP address and see what IP addresses and ports it is communicating with. You can then determine the impact of blocking the traffic (or send someone to unplug the device).
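
One way to act on the capture suggested in the answer above, as an added example that is not part of the original thread: it tallies which peers and ports 192.168.1.83 sends to, from text saved out of `show capture`. The capture layout is assumed to be the tcpdump-like form, and the peer addresses and ports in the sample are constructed.

```python
import re
from collections import Counter

ROGUE = "192.168.1.83"  # address from the post

# Constructed sample in the tcpdump-like layout assumed for ASA `show capture`
# output; peer addresses, ports and timestamps are made up for illustration.
SAMPLE = """\
   1: 09:14:02.118301       192.168.1.83.51712 > 10.20.30.40.5060: S 2881:2881(0) win 8192 <mss 1460>
   2: 09:14:02.118911       10.20.30.40.5060 > 192.168.1.83.51712: S 7710:7710(0) ack 2882 win 8192
   3: 09:14:02.240115       192.168.1.83.51712 > 10.20.30.40.5060: . ack 7711 win 8192
   4: 09:14:05.000412       192.168.1.83.16384 > 10.20.30.41.16500:  udp 172
   5: 09:14:05.020418       192.168.1.83.16384 > 10.20.30.41.16500:  udp 172
   6: 09:14:09.551200       192.168.1.83 > 10.20.30.40: icmp: echo request
"""

# packet number, timestamp, optional VLAN tag, then "src > dst: details"
LINE = re.compile(
    r"^\s*\d+:\s+[\d:.]+\s+(?:802\.1Q\s+vlan#\d+\s+P\d+\s+)?(\S+) > (\S+?):\s+(.*)$"
)

def split_endpoint(ep):
    """'10.20.30.40.5060' -> ('10.20.30.40', 5060); bare IPv4 -> (ip, None)."""
    parts = ep.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return ep, None

def summarize(text, rogue=ROGUE):
    """Count packets per (peer, peer_port, proto) for traffic the rogue host sent."""
    flows = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers such as "6 packets captured"
        (src, _), (dst, dport) = split_endpoint(m.group(1)), split_endpoint(m.group(2))
        if src != rogue:
            continue  # replies are already implied by the outbound flow
        rest = m.group(3)
        proto = "udp" if rest.startswith("udp") else "icmp" if rest.startswith("icmp") else "tcp"
        flows[(dst, dport, proto)] += 1
    return flows

if __name__ == "__main__":
    for (peer, port, proto), n in summarize(SAMPLE).most_common():
        print(f"{peer:15} {proto:4} {port if port is not None else '-':>6} {n} pkts")
```

The resulting peer and port list is what lets you judge the impact of a deny rule before applying it.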
