Security Basics mailing list archives
mac address issue
From: "Brian Whitehead" <brian () whiteheadconsulting com>
Date: Tue, 2 Sep 2003 11:19:16 -0500 (CDT)
I was wondering if anyone could point me in the right direction. Lately we have been having problems with IP duplication. Looking at the arp cache and dhcp logs it looks like either a mac address spoofing issue or maybe just a hardware problem. I'm seeing two different mac addresses that appear to take over 20-30 different IP's all at one time causing an IP conflict and then they are immediately released. I haven't been able to find these mac addresses on any device in the building. The switches don't seem to agree either. One port on the core switch may have it in it's arp cache, but the switch plugged into that port doesn't. Nothing is making a lot of sense. This has happened once or twice a day for the last 4-5 days. If anyone has an idea of what to look at I would appreciate it. -- Brian --------------------------------------------------------------------------- Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world's premier technical IT security event. Modeled after the famous Black Hat event in Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors. Symantec is the Diamond sponsor. Early-bird registration ends September 6.Visit us: www.blackhat.com ----------------------------------------------------------------------------
Current thread:
- mac address issue Brian Whitehead (Sep 02)
- Re: mac address issue Jude Naidoo (Sep 02)
- Message not available
- Re: mac address issue Jude Naidoo (Sep 02)
- Message not available
- Re: mac address issue Jude Naidoo (Sep 02)