Answer the question
In order to leave comments, you need to log in
Same MAC on multiple IPs. How to find the source of the problem?
link to the beginning of the story In the domain network "floats" IP (without access to the Internet). How to catch and remove him?
The second week I can not understand. they say they say dhtsp is left. I don’t see the grid. I still see the left grid.
113.0.168.252 e4-8d-8c-82-36-e1 dynamic
113.0.168.253 e4-8d-8c-82-36-e1 dynamic
113.0.168.254 e4-8d-8c-82-36-e1
dynamic dhtsp alert. mikrotik does not catch this poppy) DHCp snooping is not enabled
192.168.0.(VPN) e4-8d-8c-82-36-e1 dynamic
192.168.0.(gateway) e4-8d-8c-82-36-e1 dynamic
Answer the question
In order to leave comments, you need to log in
Ok google, mac vendor.
We go to https://macvendors.com/ and see that this is mac Mikrotik.
You managed to catch yourself by the tail :)
In search of a mysterious device, it would help you if all the switches were managed (along the chain to track which port this or that mac is on). Without managed switches - at random, more precisely by the method of plugging and plugging connectors (and ping the left ip-address at the same time).
Run wireshark, configure listening on ports 67 and 68, make a DHCP request, all servers should respond.
Mac hotspot? They know how to replace the poppies of clients with their own.
today DHCP distributed not 113.0.168.1 but 116.0.168.1 on this IP devices are already defined.
I decided to immediately break through the range 115.0.168.1 is available with a huge response. 117 is available there too.... I'm shocked.
on 117 there are devices on which I successfully logged in, but I could not cheer up the logins. and these devices are never from my network at all - these are three cameras and a router.
as we see in the settings of their camera, which I went to the usual 1st subnet.
Change the password on the available camera until someone comes running.
Or the resolution on it is as small as possible. Yes, just change the ip.
And what other ports are available on those ip?
Same ssh? Nmap pom to check what OS is there and google default passwords
Have you checked your servers for such poppies?
If the domain is Windows, I think it's not difficult to collect network information using group policies and put it from each device into a shared shared folder. Well, then do a file search and identify the machine on which this poppy is.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question