And when you have a machine that can talk to it (ie. 192.168.1.42) try a web browser on http://192.168.1.1 and see what you get - might be worth a telnet as well, then you know what type of hardware your looking for in the offices too.
Once found, undated your network policies to ensure that no one plugs in any unauthorised devices (PCs, switches, hubs, etc) with suitable penalties for those who do. -----Original Message----- From: Ben Scott [mailto:[EMAIL PROTECTED] Sent: 22 February 2008 06:34 To: NT System Admin Issues Subject: Re: Ghost DHCP settings On Thu, Feb 21, 2008 at 4:01 PM, David Florea, SysAdmin <[EMAIL PROTECTED]> wrote: > Is 192.168.1.1 a default for anything else?? 192.168.1.1 is the default used by a *lot* of SOHO NAT equipment, not just LinkSys. Almost certainly, somebody has taken their bitty-box home router with the built-in four-port-switch, and plugged it into your LAN to get some extra ports, not even knowing they're screwing up your LAN in the process. Assign 192.168.1.42 as an IP address to a test machine, and ping 192.168.1.1 from the test box. Then check the ARP table to get the MAC address of the rogue device. The OUI part of the MAC address will tell you the brand of device. Then use your managed switches to track down the port the rogue device is connected to. If you don't have manged switches, use a non-Microsoft ping tool to flood ping the 192.168.1.1 device. Follow the spastic link lights to find the port. -- Ben ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ The information contained in this E-Mail and any subsequent correspondence is private and is intended solely for the intended recipient(s). The information in this communication may be confidential and/or legally privileged. Nothing in this e-mail is intended to conclude a contract on behalf of QinetiQ or make QinetiQ subject to any other legally binding commitments, unless the e-mail contains an express statement to the contrary or incorporates a formal Purchase Order. For those other than the recipient any disclosure, copying, distribution, or any action taken or omitted to be taken in reliance on such information is prohibited and may be unlawful. Emails and other electronic communication with QinetiQ may be monitored and recorded for business purposes including security, audit and archival purposes. Any response to this email indicates consent to this. Telephone calls to QinetiQ may be monitored or recorded for quality control, security and other business purposes. QinetiQ Limited Registered in England & Wales: Company Number:3796233 Registered office: 85 Buckingham Gate, London SW1E 6PD, United Kingdom Trading address: Cody Technology Park, Cody Building, Ively Road, Farnborough, Hampshire, GU14 0LX, United Kingdom http://www.QinetiQ.com/home/legal.html ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
