RE: Hacker on Internal Net: DHCP

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

I just noticed a rogue DHCP lease on my network and began searching
for the MAC address and found the post below from 22 Mar 2005. I also
found an explanation for the behavior on Microsoft's website:

------- 2005 post from -------
I'm noticing this same thing on my network since recently adding M$
Windows Server 2003 in our network...  I've been searching the net
and low for a reason why these DHCP leases are made and have found
nothing. Is there any new info I'm missing?

Here's the bogus MAC's I'm seeingin our DHCP lease reports:

MACHINE | IP             | MAC           | LEASE BEGIN        | LEASE
detective 45:3b:13:0d:89:0a 14:47:45 02/23/2005 14:48:45
detective e9:eb:b3:a6:db:3c 14:47:29 02/23/2005 14:48:29
detective 4d:c8:43:bb:8b:a6 14:47:37 02/23/2005 14:48:37

WTF?? I hate M$!!!!! Any reason for why my logs are getting spammed
would be appreciated. When we do a company security audit, I'd prefer
not to answer "uhh I dunno".

------- End Prior Post -------

Site Timeline