We have been experiencing problems on our student network where 2 MAC addresses (one wireless, one Cat5) are telling the rest of the computers on the network that they have the IP address used by the other computers. Every computer on the network gets the following errors:
The wireless MAC shows up more frequently, but they are each present in all attacks. The attacks would last for only about 10 minutes at a time, then the computer went offline, making it difficult to trace the MAC to a switchport. I finally did trace it back and disabled the port. Does anyone know what kind of attack this is, what causes it, programs that can do this, and possible ways to avoid it in the future?
Thanks
Event Type: Error
Event Source: Tcpip
Event Category: None
Event ID: 4199
Date: 11/12/2004
Time: 3:40:42 PM
User: N/A
Computer: PUCK
Description:
The system detected an address conflict for IP address 172.25.10.10 with the system having network hardware address 00:04:23:5C:2E:70. Network operations on this system may be disrupted as a result.
0000: 00 00 00 00 03 00 50 00 ......P.
0008: 00 00 00 00 67 10 00 c0 ....g..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
And :
Event Type: Error
Event Source: Tcpip
Event Category: None
Event ID: 4199
Date: 11/12/2004
Time: 3:38:21 PM
User: N/A
Computer: PUCK
Description:
The system detected an address conflict for IP address 172.25.10.10 with the system having network hardware address 00:02:3F:63:C4:43. Network operations on this system may be disrupted as a result.
0000: 00 00 00 00 03 00 50 00 ......P.
0008: 00 00 00 00 67 10 00 c0 ....g..À
0010: 00 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
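An added example, not part of the original post: a Python script that parses a plain-text export of Tcpip Event ID 4199 records like the two above and lists the MAC addresses that conflict with more than one IP address, a heuristic for telling a single duplicate-address mistake apart from one station answering for many addresses. The export layout, the LAB-07 and LAB-09 hosts, the extra IP addresses and the 02:00:00:00:00:01 MAC are assumptions constructed for the sample.

```python
import re
from collections import defaultdict

CONFLICT = re.compile(
    r"address conflict for IP address (\d{1,3}(?:\.\d{1,3}){3}) with the system "
    r"having network hardware address ((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})")
FIELD = re.compile(r"^(Event ID|Date|Time|Computer):\s*(.+?)\s*$", re.M)


def parse_events(text):
    """Yield one dict per Tcpip 4199 record in a plain-text event log export."""
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        fields = dict(FIELD.findall(chunk))
        hit = CONFLICT.search(chunk)
        if fields.get("Event ID") != "4199" or not hit:
            continue  # not an address-conflict record
        yield {"computer": fields.get("Computer", "?"),
               "when": f'{fields.get("Date", "?")} {fields.get("Time", "?")}',
               "ip": hit.group(1), "mac": hit.group(2).upper()}


def suspicious_macs(events, min_ips=2):
    """Return {mac: {"ips", "reporters"}} for MACs conflicting with >= min_ips addresses."""
    seen = defaultdict(lambda: {"ips": set(), "reporters": set()})
    for ev in events:
        seen[ev["mac"]]["ips"].add(ev["ip"])
        seen[ev["mac"]]["reporters"].add(ev["computer"])
    return {mac: v for mac, v in seen.items() if len(v["ips"]) >= min_ips}


# Constructed sample export. PUCK, 172.25.10.10 and the first two MACs are from the post;
# LAB-07, LAB-09, their IPs, their times and the 02:00:... MAC are made up for the example.
TEMPLATE = ("Event Type: Error\nEvent Source: Tcpip\nEvent ID: 4199\nDate: 11/12/2004\n"
            "Time: {t}\nComputer: {c}\nDescription:\nThe system detected an address conflict "
            "for IP address {ip} with the system having network hardware address {mac}. "
            "Network operations on this system may be disrupted as a result.\n")
ROWS = [("3:38:21 PM", "PUCK", "172.25.10.10", "00:02:3F:63:C4:43"),
        ("3:40:42 PM", "PUCK", "172.25.10.10", "00:04:23:5C:2E:70"),
        ("3:39:05 PM", "LAB-07", "172.25.10.23", "00:02:3f:63:c4:43"),
        ("3:41:10 PM", "LAB-09", "172.25.10.40", "02:00:00:00:00:01")]
SAMPLE = "".join(TEMPLATE.format(t=t, c=c, ip=ip, mac=mac) for t, c, ip, mac in ROWS)

if __name__ == "__main__":
    for mac, info in suspicious_macs(parse_events(SAMPLE)).items():
        print(mac, sorted(info["ips"]), "reported by", sorted(info["reporters"]))
```

Run against exports collected from several machines, the `reporters` set shows how widely a flagged MAC is being seen, which helps decide which switch or access point to check first.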