Questions

IP Conflict on our Network

+
0 Votes
Locked

IP Conflict on our Network

jvillano
So, we have implemented a new windows domain at our business. No, problems with it whats so ever until this morning. My boss asks me who's IP's I switched last friday. I thought to myself, "hey I did switch an IP but I'ld switched it to XXX.XXX.125.6 just so I could use windows update and fix the WGA issues we where having". Now xxx.xxx.125.xxx is the admin range and the .6 is my computer's assigned ip address to my comps mac. My boss's issue was that someone was using his IP. XXX.XXX.125.5, I went around to all the computers in the company on a whim and checked. No one had 125.5
Everyone was where they where supposed to be so I pinged XXX.XXX.125.5 then ARP -a the ip and got back a MAC address that is not on our list. We then removed my boss's mac from the list and blocked the 125.5 IP. Is there a simple mistake I am missing or has our domain been compromised? I am new to the field and still learning rather rapidly, and would like to know how this happend.
  • +
    0 Votes
    jvillano

    The IP xxx.xxx.125.5 was up and down. It was all not making to much sense?

    +
    0 Votes
    CG IT

    the bosses computer's NIC and the IP address is the same one assigned to the bosses computer, I would venture to say that someone got the address [not hard to do if there isn't some type of security on the workstations]and tried to use it.

    If the MAC address isn't any in the documentation of all comps on the network, then I would say someone got the bosses IP address from ipconfig used it on their comp [laptop..don't think someone brought in their desktop] .

    So, it would seem you need to scrutinize your network security and consider a managed switch like a Cisco 2960 where you can assign a MAC address to a port so that only those comps assigned can use that port, then think about Group Policy to restrict users ability to get to a command prompt, network settings and the lot.

    +
    0 Votes
    jvillano

    I went around to all the computers and they where all on DHCP. We have about 40 computers and 50 vt400 => 500's running off an old alpha box (ipx). The only laptop here is the owners and he was on his specific IP. All the rights and privilages are right everyone was forced into strong passwords. It is confusing.. My guess might be but I know I am wrong.. Say if your comp is set to DHCP and lets say you take your self off.. is there a way that the DNS server will think that you still exist and not allow for that IP to be assigned to you even if the IP is set to be assigned to your mac?

    +
    0 Votes
    CG IT

    you really ought to get rid of IPX it's a very chatty protocol. MACs will work on TCP/IP.

    are far as addressing, if you run DHCP and all clients get their addresses from it [except those you have reserved for static addresses like servers, network printers ]usually the lease is 3 to 7 days with a renew after 50% of the lease time is up.

    To have a DHCP enabled computer obtain a statically assigned address assigned to another computer, 1 of 2 events have to be present. 1. someone changed their TCP/IP properties on their computer to the that address
    2. there isn't a reservation in DHCP for that IP address therefore DHCP would assign it if it's the next in line during a DHCP renew event. If that happened they you would get the duplicate IP address message.

    DHCP is very good at tracking addresses and doesn't assign a duplicate.

    +
    0 Votes
    jordanspcrepair

    i totally agree with CG IT on what he said. Use DHCP, and just assign enough address for all your computers that doesnt need a static IP address, and set up the lease to be like 1 or 2 days or whatever u feel comfortable with.

    +
    0 Votes
    jvillano

    We are doing that... That is why I am so confused. Each of the mac's has a specific IP assign to them. As for the IPX those serial connections they are only attached to the Alpha box (that is a mess and the owner isn't looking to upgrade since we just picked up a back up Alpha box ) Besides that...

    I come in this morning to my boss asking me who did you assign 10.137.127.11 to. Of course I didn't do anything but it is showing up in the logs as BADADDRESS yet it is still is used. The mac address was the same as the one my boss was getting when his IP was being used. of course it wasn't on my list of mac's.. To stop it we removed the mac that was assigned to the now BAD IP and then disabled the nic on the computer it was supposed to be assigned to. (had to because it would still pop up DHCP has assigned your IP to a different computer) then mysteriously the IP would stop and we could reassign... (we are both new to DHCP can you tell?)

    +
    0 Votes
    jordanspcrepair

    ok. i probably wouldn't use dhcp for your network if you are going to be assigning specific ip addresses to certain MAC addresses. i would probably manually configure each computer with a ip address and associate that way, but i don't know.

  • +
    0 Votes
    jvillano

    The IP xxx.xxx.125.5 was up and down. It was all not making to much sense?

    +
    0 Votes
    CG IT

    the bosses computer's NIC and the IP address is the same one assigned to the bosses computer, I would venture to say that someone got the address [not hard to do if there isn't some type of security on the workstations]and tried to use it.

    If the MAC address isn't any in the documentation of all comps on the network, then I would say someone got the bosses IP address from ipconfig used it on their comp [laptop..don't think someone brought in their desktop] .

    So, it would seem you need to scrutinize your network security and consider a managed switch like a Cisco 2960 where you can assign a MAC address to a port so that only those comps assigned can use that port, then think about Group Policy to restrict users ability to get to a command prompt, network settings and the lot.

    +
    0 Votes
    jvillano

    I went around to all the computers and they where all on DHCP. We have about 40 computers and 50 vt400 => 500's running off an old alpha box (ipx). The only laptop here is the owners and he was on his specific IP. All the rights and privilages are right everyone was forced into strong passwords. It is confusing.. My guess might be but I know I am wrong.. Say if your comp is set to DHCP and lets say you take your self off.. is there a way that the DNS server will think that you still exist and not allow for that IP to be assigned to you even if the IP is set to be assigned to your mac?

    +
    0 Votes
    CG IT

    you really ought to get rid of IPX it's a very chatty protocol. MACs will work on TCP/IP.

    are far as addressing, if you run DHCP and all clients get their addresses from it [except those you have reserved for static addresses like servers, network printers ]usually the lease is 3 to 7 days with a renew after 50% of the lease time is up.

    To have a DHCP enabled computer obtain a statically assigned address assigned to another computer, 1 of 2 events have to be present. 1. someone changed their TCP/IP properties on their computer to the that address
    2. there isn't a reservation in DHCP for that IP address therefore DHCP would assign it if it's the next in line during a DHCP renew event. If that happened they you would get the duplicate IP address message.

    DHCP is very good at tracking addresses and doesn't assign a duplicate.

    +
    0 Votes
    jordanspcrepair

    i totally agree with CG IT on what he said. Use DHCP, and just assign enough address for all your computers that doesnt need a static IP address, and set up the lease to be like 1 or 2 days or whatever u feel comfortable with.

    +
    0 Votes
    jvillano

    We are doing that... That is why I am so confused. Each of the mac's has a specific IP assign to them. As for the IPX those serial connections they are only attached to the Alpha box (that is a mess and the owner isn't looking to upgrade since we just picked up a back up Alpha box ) Besides that...

    I come in this morning to my boss asking me who did you assign 10.137.127.11 to. Of course I didn't do anything but it is showing up in the logs as BADADDRESS yet it is still is used. The mac address was the same as the one my boss was getting when his IP was being used. of course it wasn't on my list of mac's.. To stop it we removed the mac that was assigned to the now BAD IP and then disabled the nic on the computer it was supposed to be assigned to. (had to because it would still pop up DHCP has assigned your IP to a different computer) then mysteriously the IP would stop and we could reassign... (we are both new to DHCP can you tell?)

    +
    0 Votes
    jordanspcrepair

    ok. i probably wouldn't use dhcp for your network if you are going to be assigning specific ip addresses to certain MAC addresses. i would probably manually configure each computer with a ip address and associate that way, but i don't know.