General discussion
-
Topic
-
Rogue DHCP server
LockedLast Monday we started having people getting 192.168.233.xxx IP addresses in the office. An ipconfig shows the IP and mask but no gateway address. The DHCP server IP is 192.168.233.254 but is not pingable. The MAC address is a VMware address. It also keeps changing. WireShark showf IPs in the 192.168.233.xxx range trying to connect to 192.168.233.1 and 192.168.233.254 without success.
We do have 2 wireless networks but they are using different IP ranges. I was able to access one of our switches and extract the ARP table but it does not show either the IP or MAC address of the DHCP server. I do not have access to the other 2 switches and do not have the proper console cables for them. HP is shipping me a pair but they will not be here until next week. I have checked most of the desktops and all the VMs running on our blade server for the MAC address without success. As a software compant we have hundredes of VMs running at any given time for development, QA and support. I have not been able to get any responce from corporate IT since Monday and am about ready to just shut down the the switches one at a time until it stops and then start that shitch again and pull cables until it stops again. Does anyone have a better idea?????
Thanks