Options
IP conflict question
Here's my situation. We manually assign IP's and keep them updated in DNS - dont ask why.
Our camera system just threw up an error message about an IP conflict. Usually, it wouldnt be a problem. I'd just look it up in DNS, and go give that one a new available address...problem solved. However, somehow this address got a non-descriptive name in DNS, so I have no idea where it might be.
I figure, if I could make taht address unusable, that might help me investige where the problem lies. How would I go about disabling that address (the user/printer/print server etc would stop working and holler)? We have a single domain.
Our camera system just threw up an error message about an IP conflict. Usually, it wouldnt be a problem. I'd just look it up in DNS, and go give that one a new available address...problem solved. However, somehow this address got a non-descriptive name in DNS, so I have no idea where it might be.
I figure, if I could make taht address unusable, that might help me investige where the problem lies. How would I go about disabling that address (the user/printer/print server etc would stop working and holler)? We have a single domain.
Comments
-
Optionswastedtime Member Posts: 586 ■■■■□□□□□□If you have access to the switches you could follow the mac address back to the port and disable it.
Just an idea. -
Optionsbrad- Member Posts: 1,218wastedtime wrote: »If you have access to the switches you could follow the mac address back to the port and disable it.
Just an idea. -
OptionsRobertKaucher Member Posts: 4,299 ■■■■■■■■■■If your switches are managed you could check the MAC tables to find which switch it is plugged into and then set that port to be administratively down (i.e. turned off).
The only problem is that this assumes you are using managed switches. Have you confirmed if this is a PC/printer/whatever? I would start by finding out what the device actually is (look up the first 3 octets of the MAC address and try to access the device). If you think it’s a PC try to browse to [URL="file://\\ipaddress\C$"]\\ipaddress\C$[/URL] and see which users have signed into the PC by who has profiles on it. If it’s a printer it probably has an HTTP management page. That might help you. -
Optionsbrad- Member Posts: 1,218RobertKaucher wrote: »If your switches are managed you could check the MAC tables to find which switch it is plugged into and then set that port to be administratively down (i.e. turned off).
The only problem is that this assumes you are using managed switches. Have you confirmed if this is a PC/printer/whatever? I would start by finding out what the device actually is (look up the first 3 octets of the MAC address and try to access the device). If you think it’s a PC try to browse to [URL="file://\\ipaddress\C$"]\\ipaddress\C$[/URL] and see which users have signed into the PC by who has profiles on it. If it’s a printer it probably has an HTTP management page. That might help you.
Thanks both of you for the advice.
Switches are not managed
IDK what kind of device it is. We have pc's, jet direct boxes, printers, WAP's...all kinds of stuff. Im 80% sure its a PC though...even though its not in the NET VIEW list and doesnt return anything for the C$ search. The MAC first three of 0080ad should belong to "CNET Technology"...but I dont know of any gear we have here that would help me with.
I just dont get it. I wish there was a way in DNS or something I could just disable that address's traffic. -
OptionsRobertKaucher Member Posts: 4,299 ■■■■■■■■■■Did you try just browsing to [URL="file://\\ipaddress"]\\ipaddress[/URL] or http://ipaddress ? Might give you some clues. Looking at what CNET Tech. makes, I would bet it is probably a PC as well. But it could be a consumer grade wireless router or other network device. Could a user have brought something in and plugged it in without permission?
Let us know... -
Optionsbrad- Member Posts: 1,218RobertKaucher wrote: »Did you try just browsing to [URL="file://\\ipaddress"]\\ipaddress[/URL] or http://ipaddress ? Might give you some clues. Looking at what CNET Tech. makes, I would bet it is probably a PC as well. But it could be a consumer grade wireless router or other network device. Could a user have brought something in and plugged it in without permission?
Let us know...
If someone brought something in, they would need to know our network scheme to manually assign the IP and then crack the password to get on our wireless.
All is well though...the guy that installed our camera system came out and just rebooted it all...no worries anymore.
Thanks guys! -
OptionsRobertKaucher Member Posts: 4,299 ■■■■■■■■■■If someone brought something in, they would need to know our network scheme to manually assign the IP and then crack the password to get on our wireless.
All is well though...the guy that installed our camera system came out and just rebooted it all...no worries anymore.
Thanks guys!
Cool, may have just been an error in the arp table on the camera system.
But as far as knowing your ip scheme, all they need to know how to do is ipconfig /all
I've seen it before. People get sick of the IT department's security and don't know why they can't get access to the wireless for their laptop and they bring in a Linksysy wireless router which they hide under their desk. -
Optionstiersten Member Posts: 4,505If someone brought something in, they would need to know our network scheme to manually assign the IP and then crack the password to get on our wireless.
To protect against this, you need to use 802.1x on your network to provide authentication. -
OptionsRobertKaucher Member Posts: 4,299 ■■■■■■■■■■It is trivial to determine the relevant details of your network. The danger isn't that somebody is connecting something to your wireless network but more that they're plugging in an unprotected WiFi AP or other unauthorised device.
To protect against this, you need to use 802.1x on your network to provide authentication.
What I cannot get any services unless I have a certificate proving who/what I am? NAP is even cooler, though! Have any of you fidled with NAP on Cisco/MS products? "Sorry, you do not have AV or service pack 3 installed. You may not logon."