IP conflict question

brad- · September 2009

Here's my situation. We manually assign IP's and keep them updated in DNS - dont ask why.

Our camera system just threw up an error message about an IP conflict. Usually, it wouldnt be a problem. I'd just look it up in DNS, and go give that one a new available address...problem solved. However, somehow this address got a non-descriptive name in DNS, so I have no idea where it might be.

I figure, if I could make taht address unusable, that might help me investige where the problem lies. How would I go about disabling that address (the user/printer/print server etc would stop working and holler)? We have a single domain.

wastedtime · September 2009

If you have access to the switches you could follow the mac address back to the port and disable it.

Just an idea.

brad- · September 2009

wastedtime wrote: »

If you have access to the switches you could follow the mac address back to the port and disable it.

Just an idea.

I do have access to the switches, and i know the MAC. Could you be a little more specific on "disable it".

RobertKaucher · September 2009

If your switches are managed you could check the MAC tables to find which switch it is plugged into and then set that port to be administratively down (i.e. turned off).
The only problem is that this assumes you are using managed switches. Have you confirmed if this is a PC/printer/whatever? I would start by finding out what the device actually is (look up the first 3 octets of the MAC address and try to access the device). If you think it’s a PC try to browse to [URL="file://\\ipaddress\C$"]\\ipaddress\C$[/URL] and see which users have signed into the PC by who has profiles on it. If it’s a printer it probably has an HTTP management page. That might help you.

brad- · September 2009

RobertKaucher wrote: »

If your switches are managed you could check the MAC tables to find which switch it is plugged into and then set that port to be administratively down (i.e. turned off).
The only problem is that this assumes you are using managed switches. Have you confirmed if this is a PC/printer/whatever? I would start by finding out what the device actually is (look up the first 3 octets of the MAC address and try to access the device). If you think it’s a PC try to browse to [URL="file://\\ipaddress\C$"]\\ipaddress\C$[/URL] and see which users have signed into the PC by who has profiles on it. If it’s a printer it probably has an HTTP management page. That might help you.

Thanks both of you for the advice.

Switches are not managed

IDK what kind of device it is. We have pc's, jet direct boxes, printers, WAP's...all kinds of stuff. Im 80% sure its a PC though...even though its not in the NET VIEW list and doesnt return anything for the C$ search. The MAC first three of 0080ad should belong to "CNET Technology"...but I dont know of any gear we have here that would help me with.

I just dont get it. I wish there was a way in DNS or something I could just disable that address's traffic.

RobertKaucher · September 2009

Did you try just browsing to [URL="file://\\ipaddress"]\\ipaddress[/URL] or http://ipaddress ? Might give you some clues. Looking at what CNET Tech. makes, I would bet it is probably a PC as well. But it could be a consumer grade wireless router or other network device. Could a user have brought something in and plugged it in without permission?

Let us know...

brad- · September 2009

RobertKaucher wrote: »

Did you try just browsing to [URL="file://\\ipaddress"]\\ipaddress[/URL] or http://ipaddress ? Might give you some clues. Looking at what CNET Tech. makes, I would bet it is probably a PC as well. But it could be a consumer grade wireless router or other network device. Could a user have brought something in and plugged it in without permission?

Let us know...

If someone brought something in, they would need to know our network scheme to manually assign the IP and then crack the password to get on our wireless.

All is well though...the guy that installed our camera system came out and just rebooted it all...no worries anymore.

Thanks guys!

RobertKaucher · September 2009

brad- wrote: »

If someone brought something in, they would need to know our network scheme to manually assign the IP and then crack the password to get on our wireless.

All is well though...the guy that installed our camera system came out and just rebooted it all...no worries anymore.

Thanks guys!

Cool, may have just been an error in the arp table on the camera system.

But as far as knowing your ip scheme, all they need to know how to do is ipconfig /all

I've seen it before. People get sick of the IT department's security and don't know why they can't get access to the wireless for their laptop and they bring in a Linksysy wireless router which they hide under their desk.

tiersten · September 2009

brad- wrote: »

If someone brought something in, they would need to know our network scheme to manually assign the IP and then crack the password to get on our wireless.

It is trivial to determine the relevant details of your network. The danger isn't that somebody is connecting something to your wireless network but more that they're plugging in an unprotected WiFi AP or other unauthorised device.

To protect against this, you need to use 802.1x on your network to provide authentication.

RobertKaucher · September 2009

tiersten wrote: »

It is trivial to determine the relevant details of your network. The danger isn't that somebody is connecting something to your wireless network but more that they're plugging in an unprotected WiFi AP or other unauthorised device.

To protect against this, you need to use 802.1x on your network to provide authentication.

What I cannot get any services unless I have a certificate proving who/what I am? NAP is even cooler, though! Have any of you fidled with NAP on Cisco/MS products? "Sorry, you do not have AV or service pack 3 installed. You may not logon."

IP conflict question

Comments