RE: Ghost DHCP settings
And when you have a machine that can talk to it (ie. 192.168.1.42) try a web browser on http://192.168.1.1 and see what you get - might be worth a telnet as well, then you know what type of hardware your looking for in the offices too. Once found, undated your network policies to ensure that no one plugs in any unauthorised devices (PCs, switches, hubs, etc) with suitable penalties for those who do. -Original Message- From: Ben Scott [mailto:[EMAIL PROTECTED] Sent: 22 February 2008 06:34 To: NT System Admin Issues Subject: Re: Ghost DHCP settings On Thu, Feb 21, 2008 at 4:01 PM, David Florea, SysAdmin [EMAIL PROTECTED] wrote: Is 192.168.1.1 a default for anything else?? 192.168.1.1 is the default used by a *lot* of SOHO NAT equipment, not just LinkSys. Almost certainly, somebody has taken their bitty-box home router with the built-in four-port-switch, and plugged it into your LAN to get some extra ports, not even knowing they're screwing up your LAN in the process. Assign 192.168.1.42 as an IP address to a test machine, and ping 192.168.1.1 from the test box. Then check the ARP table to get the MAC address of the rogue device. The OUI part of the MAC address will tell you the brand of device. Then use your managed switches to track down the port the rogue device is connected to. If you don't have manged switches, use a non-Microsoft ping tool to flood ping the 192.168.1.1 device. Follow the spastic link lights to find the port. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ The information contained in this E-Mail and any subsequent correspondence is private and is intended solely for the intended recipient(s). The information in this communication may be confidential and/or legally privileged. Nothing in this e-mail is intended to conclude a contract on behalf of QinetiQ or make QinetiQ subject to any other legally binding commitments, unless the e-mail contains an express statement to the contrary or incorporates a formal Purchase Order. For those other than the recipient any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on such information is prohibited and may be unlawful. Emails and other electronic communication with QinetiQ may be monitored and recorded for business purposes including security, audit and archival purposes. Any response to this email indicates consent to this. Telephone calls to QinetiQ may be monitored or recorded for quality control, security and other business purposes. QinetiQ Limited Registered in England Wales: Company Number:3796233 Registered office: 85 Buckingham Gate, London SW1E 6PD, United Kingdom Trading address: Cody Technology Park, Cody Building, Ively Road, Farnborough, Hampshire, GU14 0LX, United Kingdom http://www.QinetiQ.com/home/legal.html ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Re: Ghost DHCP settings
Internet connection sharing on a workstation perhaps? On Thu, Feb 21, 2008 at 3:01 PM, David Florea, SysAdmin [EMAIL PROTECTED] wrote: Good standard procedure. But I've had 2 of these machines just today that I renewed the DHCP lease early this morning, and by noon they had picked up that rogue DNS address. I don't have any wireless devices on the network. Is 192.168.1.1 a default for anything else?? David -- *From:* Jon Harris [mailto:[EMAIL PROTECTED] *Sent:* Thursday, February 21, 2008 12:13 PM *To:* NT System Admin Issues *Subject:* Re: Ghost DHCP settings When ever I have to reboot the primary DNS server I always ask all the staff to reboot their systems. It usually saves me the trouble that comes from allowing the systems to re-find the domain and network resources. Jon On Thu, Feb 21, 2008 at 2:05 PM, David Florea, SysAdmin [EMAIL PROTECTED] wrote: By mistake yesterday, both of my DCs were down at the same time. Of course, the entire network croaked for a few minutes. But ever since then, several of my machines are picking up a weird DNS setting. Instead of 192.168.1.15 and .5, they are showing 192.168.1.1 for a DNS server, and therefore have great trouble seeing network resources. I've doublechecked the DHCP scope and server options, they're correct. I don't even have a 1.1 network address on my system. Where the heck is that coming from? I've even had a couple of machines pick it up again a couple of hours after I've done a /release and /renew. Thanks, David ___ The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ __ The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Ghost DHCP settings
Make sure no one has plugged a home router (Linksys, Netgear, etc.) into your network that is now pumping out DHCP responses. -Brian -Original Message- From: David Florea, SysAdmin [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 1:05 PM To: NT System Admin Issues Subject: Ghost DHCP settings By mistake yesterday, both of my DCs were down at the same time. Of course, the entire network croaked for a few minutes. But ever since then, several of my machines are picking up a weird DNS setting. Instead of 192.168.1.15 and .5, they are showing 192.168.1.1 for a DNS server, and therefore have great trouble seeing network resources. I've doublechecked the DHCP scope and server options, they're correct. I don't even have a 1.1 network address on my system. Where the heck is that coming from? I've even had a couple of machines pick it up again a couple of hours after I've done a /release and /renew. Thanks, David ___ The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Ghost DHCP settings
Got a rouge Linksys router on your network perhaps? Maybe it's handing out DHCP... Roger Wright Network Administrator Evatone, Inc. 727.572.7076 x388 People are always available for work in the past tense. -Original Message- From: David Florea, SysAdmin [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 2:05 PM To: NT System Admin Issues Subject: Ghost DHCP settings By mistake yesterday, both of my DCs were down at the same time. Of course, the entire network croaked for a few minutes. But ever since then, several of my machines are picking up a weird DNS setting. Instead of 192.168.1.15 and .5, they are showing 192.168.1.1 for a DNS server, and therefore have great trouble seeing network resources. I've doublechecked the DHCP scope and server options, they're correct. I don't even have a 1.1 network address on my system. Where the heck is that coming from? I've even had a couple of machines pick it up again a couple of hours after I've done a /release and /renew. Thanks, David ___ The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Re: Ghost DHCP settings
When ever I have to reboot the primary DNS server I always ask all the staff to reboot their systems. It usually saves me the trouble that comes from allowing the systems to re-find the domain and network resources. Jon On Thu, Feb 21, 2008 at 2:05 PM, David Florea, SysAdmin [EMAIL PROTECTED] wrote: By mistake yesterday, both of my DCs were down at the same time. Of course, the entire network croaked for a few minutes. But ever since then, several of my machines are picking up a weird DNS setting. Instead of 192.168.1.15 and .5, they are showing 192.168.1.1 for a DNS server, and therefore have great trouble seeing network resources. I've doublechecked the DHCP scope and server options, they're correct. I don't even have a 1.1 network address on my system. Where the heck is that coming from? I've even had a couple of machines pick it up again a couple of hours after I've done a /release and /renew. Thanks, David ___ The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Re: Ghost DHCP settings
I'd check your network for any rogue devices, especially wireless. Linksys uses 192.168.1.1 as a default address in a lot of their gear. HTH Joe On Thu, Feb 21, 2008 at 2:05 PM, David Florea, SysAdmin [EMAIL PROTECTED] wrote: By mistake yesterday, both of my DCs were down at the same time. Of course, the entire network croaked for a few minutes. But ever since then, several of my machines are picking up a weird DNS setting. Instead of 192.168.1.15 and .5, they are showing 192.168.1.1 for a DNS server, and therefore have great trouble seeing network resources. I've doublechecked the DHCP scope and server options, they're correct. I don't even have a 1.1 network address on my system. Where the heck is that coming from? I've even had a couple of machines pick it up again a couple of hours after I've done a /release and /renew. Thanks, David ___ The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ -- Joe Fox Systems/Network Administrator Mobile# (716) 846-9308 http://www.linkedin.com/in/josephfoxjr The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient be advised that any unauthorized use, disclosure, copying, distribution or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone at 716-846-9308 or by return e-mail. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: Ghost DHCP settings
Good standard procedure. But I've had 2 of these machines just today that I renewed the DHCP lease early this morning, and by noon they had picked up that rogue DNS address. I don't have any wireless devices on the network. Is 192.168.1.1 a default for anything else?? David From: Jon Harris [mailto:[EMAIL PROTECTED] Sent: Thursday, February 21, 2008 12:13 PM To: NT System Admin Issues Subject: Re: Ghost DHCP settings When ever I have to reboot the primary DNS server I always ask all the staff to reboot their systems. It usually saves me the trouble that comes from allowing the systems to re-find the domain and network resources. Jon On Thu, Feb 21, 2008 at 2:05 PM, David Florea, SysAdmin [EMAIL PROTECTED] wrote: By mistake yesterday, both of my DCs were down at the same time. Of course, the entire network croaked for a few minutes. But ever since then, several of my machines are picking up a weird DNS setting. Instead of 192.168.1.15 http://192.168.1.15/ and .5, they are showing 192.168.1.1 http://192.168.1.1/ for a DNS server, and therefore have great trouble seeing network resources. I've doublechecked the DHCP scope and server options, they're correct. I don't even have a 1.1 network address on my system. Where the heck is that coming from? I've even had a couple of machines pick it up again a couple of hours after I've done a /release and /renew. Thanks, David ___ The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ___ The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction. ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Re: Ghost DHCP settings
On Thu, Feb 21, 2008 at 4:01 PM, David Florea, SysAdmin [EMAIL PROTECTED] wrote: Is 192.168.1.1 a default for anything else?? 192.168.1.1 is the default used by a *lot* of SOHO NAT equipment, not just LinkSys. Almost certainly, somebody has taken their bitty-box home router with the built-in four-port-switch, and plugged it into your LAN to get some extra ports, not even knowing they're screwing up your LAN in the process. Assign 192.168.1.42 as an IP address to a test machine, and ping 192.168.1.1 from the test box. Then check the ARP table to get the MAC address of the rogue device. The OUI part of the MAC address will tell you the brand of device. Then use your managed switches to track down the port the rogue device is connected to. If you don't have manged switches, use a non-Microsoft ping tool to flood ping the 192.168.1.1 device. Follow the spastic link lights to find the port. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~