What do you have at the DMZ? Look at the traffic as it is connecting inbound, and look for that private addee and hopefully you can capture the chatter.
-----Original Message----- From: Vue, Za [mailto:z...@emory.edu] Sent: Friday, February 20, 2009 11:06 AM To: NT System Admin Issues Subject: RE: Question It was a classroom machine so we set it to auto logon. The classroom account has no admin access. The machine has not been renamed either. -Z.V. -----Original Message----- From: Vue, Za [mailto:z...@emory.edu] Sent: Friday, February 20, 2009 12:01 PM To: NT System Admin Issues Subject: RE: Question Remember the stolen Dell? DNS entries are hardcoded on my machines, but IP addresses are released through DHCP. The machine showed up last night on my DNS server with a private IP. I tried to get some information about it but only got "TTL expired in transit" from the border router. If I can get a hold of the MAC I may be able to proceed further. -Z.V. -----Original Message----- From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Friday, February 20, 2009 11:54 AM To: NT System Admin Issues Subject: RE: Question Can you outline the situation in more detail? Is this an internal client of yours? Or are you talking about a remote client coming across the Internet and hitting a DNS server in your DMZ? If this is all internal you can use the GETMAC resource kit utility. http://technet.microsoft.com/en-us/library/bb490913.aspx Chris Bodnar, MCSE Sr. Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 -----Original Message----- From: Vue, Za [mailto:z...@emory.edu] Sent: Friday, February 20, 2009 11:46 AM To: NT System Admin Issues Subject: RE: Question I did that already. No ARP found. -Z.V. -----Original Message----- From: richardmccl...@aspca.org [mailto:richardmccl...@aspca.org] Sent: Friday, February 20, 2009 11:44 AM To: NT System Admin Issues Subject: Re: Question 1. Ping the address 2. In a command console, enter "arp -a" -------------------------------------- Richard McClary, Systems Administrator ASPCA Knowledge Management 1717 S Philo Rd, Ste 36, Urbana, IL 61802 217-337-9761 http://www.aspca.org "Vue, Za" <z...@emory.edu> wrote on 02/20/2009 10:37:09 AM: > Windows 2003 AD: > > A machine with a private IP address is using my DNS server for name > resolution. How do I capture the MAC? > > -Z.V. > > This e-mail message (including any attachments) is for the sole use of > the intended recipient(s) and may contain confidential and privileged > information. If the reader of this message is not the intended > recipient, you are hereby notified that any dissemination, distribution > or copying of this message (including any attachments) is strictly > prohibited. > > If you have received this message in error, please contact > the sender by reply e-mail message and destroy all copies of the > original message (including attachments). > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ----------------------------------------- This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the Girl Scouts of Southwest Texas company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept responsibility for any loss or damage that arise from the use of this email or attachments. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~