Announcement

Collapse
No announcement yet.

Dhcp Registering Neighbours Clients

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dhcp Registering Neighbours Clients

    Hi good people out there.

    This morning I woke up to some rude shock. I discovered that a few of my PC's have been registered in the neighbours domain and a few few of my neighbours PC's have been registered in mine. This has never happened before which led me to believe that I was attacked by some hackers. I can see the specific DNS suffix for my neighour organisation who is half a mile away.

    I ran Ipconfig/all on one client machine and I can see that:

    :- IP Address is not from my range but neighbours range
    :- Default Gateway is my neighbours
    :- DHCP Server IP is for my neighbour
    :- DNS servers are min
    :- Primary and Secondary Wins are my neighbours

    The registration details tell me that the lease was obained at 23:10 hrs CAT. We do not work during these hours.



    I checked my DHCP, it is authorised ok. I checked my DNS but I do not see any records of these neighbours A host records. My DHCP has a few of neighbours cleints registered which I deleted. I also noted that instead of mac address, I have RAS listed instead. I used RAS only for static IP routing

    What do I need to do next to confirm that I was hacked into and how do I track whoever it was doing this?

    Jajabinghx

  • #2
    Re: Dhcp Registering Neighbours Clients

    is there any wireless router or accesspoint on your network?
    do the networks shares any physical connections?
    Does the 2 networks from the same organization?

    You will have to give a little more details about the networks configurations to understand whats goin on there!

    Comment


    • #3
      Re: Dhcp Registering Neighbours Clients

      Originally posted by balluche
      is there any wireless router or accesspoint on your network?
      do the networks shares any physical connections?
      Does the 2 networks from the same organization?

      You will have to give a little more details about the networks configurations to understand whats goin on there!
      Agreed!

      My first thought was that you're sharing a network with another business line (or maybe even another company?) which is how the leak is happening.

      Beyond that, you have some sort of physical security breach, or a wireless issue which opens all sorts of doors.

      Please tell us more about your general network setup without divulging confidential information.

      Jas
      VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
      boche.net - VMware Virtualization Evangelist
      My advice has no warranties. Follow at your own risk.

      Comment

      Working...
      X