So, we have implemented a new Windows domain at our business. No problems with it whatsoever until this morning. My boss asks me whose IPs I switched last Friday. I thought to myself, “Hey, I did switch an IP, but I’d switched it to XXX.XXX.125.6 just so I could use Windows Update and fix the WGA issues we were having.” Now, XXX.XXX.125.xxx is the admin range and the .6 is the IP address assigned to my computer’s MAC. My boss’s issue was that someone was using his IP, XXX.XXX.125.5. I went around to all the computers in the company on a whim and checked. No one had 125.5.
Everyone was where they were supposed to be, so I pinged XXX.XXX.125.5, then ran ARP -a on the IP and got back a MAC address that is not on our list. We then removed my boss’s MAC from the list and blocked the 125.5 IP. Is there a simple mistake I am missing, or has our domain been compromised? I am new to the field and still learning rather rapidly, and would like to know how this happened.
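
The manual check described in the post (ping, then `arp -a`, then compare against the MAC list) can be scripted. The following is an added example, not part of the original post: the addresses, MACs, the `INVENTORY` list and the function names are all constructed, and it assumes the Windows `arp -a` output layout.

```python
import re

# Constructed sample of Windows `arp -a` output (addresses and MACs are made up).
SAMPLE_ARP = """\
Interface: 10.0.125.6 --- 0xb
  Internet Address      Physical Address      Type
  10.0.125.1            00-11-22-33-44-01     dynamic
  10.0.125.5            02-de-ad-be-ef-99     dynamic
  10.0.125.7            00-11-22-33-44-06     dynamic
  10.0.125.255          ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Hypothetical IP -> MAC assignment list (stands in for "our list" in the post).
INVENTORY = {
    "10.0.125.1": "00:11:22:33:44:01",
    "10.0.125.5": "00:11:22:33:44:05",
    "10.0.125.6": "00:11:22:33:44:06",
}

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+\w+", re.I)

def norm(mac):
    return mac.lower().replace("-", ":")

def parse_arp(text):
    """Yield (ip, mac) for each entry row; header and interface lines are skipped."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), norm(m.group(2))

def audit(text, inventory):
    """Return (kind, ip, mac, locally_administered) for entries that contradict the list."""
    owner = {norm(mac): ip for ip, mac in inventory.items()}
    findings = []
    for ip, mac in parse_arp(text):
        first = int(mac[:2], 16)
        if first & 1:          # broadcast/multicast MAC, not a host
            continue
        if mac not in owner:
            kind = "unknown-mac-on-assigned-ip" if ip in inventory else "unknown-mac"
        elif owner[mac] != ip:
            kind = "known-mac-on-wrong-ip"
        else:
            continue
        # Bit 0x02 set = locally administered MAC (virtual adapter or manually set).
        findings.append((kind, ip, mac, bool(first & 2)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ARP, INVENTORY):
        print(*finding)
```

An unknown MAC answering for an assigned IP is the case the post describes; the locally-administered flag helps separate virtual or manually configured adapters from factory-assigned hardware addresses when tracing the device to a switch port.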