ProudToBeLeeds
Technical User
Currently I have a DHCP network on 10.44.27.0. While trailing through the dhcp.log I noticed a dhcp request from 192.186.128.1 Does this have the trade marks of a hacker or is something a bit more weird going on?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
DHCP or have I been hacked
- Thread starter ProudToBeLeeds
- Start date
- Status
loadedmind
Technical User
Well, you haven't given much information in regards to how many systems are on your network, whether it's a corporate or private environment, whether another individual has access to your network as root or otherwise, etc. If you're the only one with access to this network and don't have another subnet allocated as 192., then it would seem logical that the request came from an outside source. If you're worried that someone might be in your LAN, alternatively, you could use netstat, snoop or w to see who all's connected currently. Also, are you specifying IP's in /etc/hosts and /etc/defaultrouter or are you not including the latter file to allow for full DHCP over your network? Have you created a file called /etc/gateway?
- Thread starter
- #3
ProudToBeLeeds
Technical User
Its OK. The address 192.186.128.1 is apparently internal and is actually being used as a bridge address on a machine that is using VMware. Don't know why its sending out DHCPDISCOVER messages but it is. Basically panic over.
- Status
Similar threads
- Locked
- Question