Security Basics mailing list archives

Re: mac address issue


From: "Jude Naidoo" <jude007 () jnaidoo fsnet co uk>
Date: Tue, 2 Sep 2003 17:55:02 +0100

Hi Brian

Have you tried flushing the arp cache on your switch?

What DHCP server are you using?

Jude
----- Original Message ----- 
From: "Brian Whitehead" <brian () whiteheadconsulting com>
To: <security-basics () securityfocus com>
Sent: Tuesday, September 02, 2003 5:19 PM
Subject: mac address issue


I was wondering if anyone could point me in the right direction.  Lately
we have been having problems with IP duplication.  Looking at the arp
cache and dhcp logs it looks like either a mac address spoofing issue or
maybe just a hardware problem.  I'm seeing two different mac addresses
that appear to take over 20-30 different IPs all at one time causing an
IP conflict and then they are immediately released.  I haven't been able
to find these mac addresses on any device in the building.  The switches
don't seem to agree either.  One port on the core switch may have it in
its arp cache, but the switch plugged into that port doesn't.  Nothing is
making a lot of sense.  This has happened once or twice a day for the last
4-5 days.  If anyone has an idea of what to look at I would appreciate it.

-- 
Brian


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training),
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier
technical IT security event.  Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symantec is the Diamond sponsor.  Early-bird registration ends September
6. Visit us: www.blackhat.com
----------------------------------------------------------------------------
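
Added example, not part of the original thread: one way to pull the pattern described above (a single MAC bound to many IPs in a short burst, plus the addresses that end up with two owners) out of collected ARP/DHCP binding records. The `<epoch> <ip> <mac>` record format, the sample values, and the `window`/`threshold` defaults are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed "<epoch> <ip> <mac>" binding records; format and values are made up."""
    lines = [f"{1000 + i} 10.0.0.{10 + i} 00:11:22:33:44:{i:02x}" for i in range(5)]
    # One unknown MAC claims 25 addresses in 25 seconds, including the 5 above.
    lines += [f"{2000 + i} 10.0.0.{10 + i} DE:AD:BE:EF:00:01" for i in range(25)]
    # A normal host renewing the same address: must not be flagged.
    lines += [f"{5000 + 600 * i} 10.0.0.200 00:aa:bb:cc:dd:ee" for i in range(3)]
    lines.append("malformed line")
    return lines

def parse(lines):
    """Yield (timestamp, ip, mac) tuples, skipping lines that do not fit the format."""
    for line in lines:
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower()

def macs_claiming_many_ips(lines, window=60, threshold=10):
    """Map each MAC to its peak count of distinct IPs inside any `window` seconds,
    keeping only MACs whose peak reaches `threshold`."""
    events = defaultdict(list)
    for ts, ip, mac in sorted(parse(lines)):
        events[mac].append((ts, ip))
    flagged = {}
    for mac, seen in events.items():
        start, peak, counts = 0, 0, defaultdict(int)
        for ts, ip in seen:
            counts[ip] += 1
            while seen[start][0] < ts - window:   # slide the window forward
                old = seen[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[mac] = peak
    return flagged

def conflicting_ips(lines):
    """Return {ip: set of MACs} for every IP seen with more than one MAC."""
    owners = defaultdict(set)
    for _, ip, mac in parse(lines):
        owners[ip].add(mac)
    return {ip: macs for ip, macs in owners.items() if len(macs) > 1}

if __name__ == "__main__":
    sample = build_sample()
    print(macs_claiming_many_ips(sample))
    print(sorted(conflicting_ips(sample)))
```

Feeding it records gathered from each switch separately shows which devices actually saw the burst, which helps narrow down the port it arrived on.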