
DHCP or have I been hacked


ProudToBeLeeds

Currently I have a DHCP network on 10.44.27.0. While trailing through the dhcp.log I noticed a DHCP request from 192.186.128.1. Does this have the trademarks of a hacker or is something a bit more weird going on?
 
Well, you haven't given much information in regard to how many systems are on your network, whether it's a corporate or private environment, whether another individual has access to your network as root or otherwise, etc. If you're the only one with access to this network and don't have another subnet allocated as 192., then it would seem logical that the request came from an outside source. If you're worried that someone might be in your LAN, alternatively, you could use netstat, snoop or w to see who all's connected currently. Also, are you specifying IPs in /etc/hosts and /etc/defaultrouter or are you not including the latter file to allow for full DHCP over your network? Have you created a file called /etc/gateway?
 
It's OK. The address 192.186.128.1 is apparently internal and is actually being used as a bridge address on a machine that is using VMware. Don't know why it's sending out DHCPDISCOVER messages but it is. Basically panic over.
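
The check this thread works through by hand can be scripted. The following is an added example, not code from any poster: it scans DHCP server log lines for requests that arrive via an address outside the served subnet and notes whether the client MAC carries a VMware OUI. The /24 netmask, the ISC dhcpd style line format, the MAC addresses, the sample lines and the function name `review` are all assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: the server leases from 10.44.27.0/24 (the thread gives no netmask).
SERVED_NET = ipaddress.ip_network("10.44.27.0/24")

# MAC prefixes (OUIs) registered to VMware; a match suggests a virtual NIC.
VMWARE_OUIS = {"00:05:69", "00:0c:29", "00:50:56"}

# Assumed line shape (ISC dhcpd syslog style):
#   "DHCPDISCOVER from <mac> [(<hostname>)] via <relay-ip or interface>"
LINE_RE = re.compile(
    r"(?P<msg>DHCP[A-Z]+)\b.*? from "
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \([^)]*\))? via (?P<via>\S+)"
)

def review(lines, served=SERVED_NET):
    """Return one finding per DHCP message that arrived via an off-subnet address."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a DHCP client message
        try:
            via = ipaddress.ip_address(m["via"])
        except ValueError:
            continue  # "via eth0": received directly on a local interface
        if via in served:
            continue  # expected: address belongs to the served subnet
        mac = m["mac"].lower()
        findings.append({
            "msg": m["msg"],
            "mac": mac,
            "via": str(via),
            "private": via.is_private,            # reserved/private range or not
            "vmware_oui": mac[:8] in VMWARE_OUIS,  # likely a virtual adapter
        })
    return findings

# Constructed sample lines (not taken from the poster's dhcp.log).
SAMPLE_LOG = [
    "Aug  7 10:02:11 srv dhcpd: DHCPDISCOVER from 00:0c:29:3a:5b:7c via 192.186.128.1",
    "Aug  7 10:02:15 srv dhcpd: DHCPREQUEST for 10.44.27.52 from 00:11:22:33:44:55 via eth0",
    "Aug  7 10:03:40 srv dhcpd: DHCPDISCOVER from 00:a0:c9:12:34:56 via 10.44.27.1",
]

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A finding with `vmware_oui` set points at a hypervisor host to track down on the LAN; one without it still needs the MAC traced to a switch port before it can be dismissed.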
 