DHCP Own IP?

Status
Not open for further replies.

machinetype

Okay, we recently got a 3Com OfficeConnect router. I have been looking through the logs on a daily basis and keep coming across an internal address of 192.168.0.48 trying to get out to the internet. I can ping this address from one of the BDCs, which is the DHCP server, but no other machine on the network can ping 192.168.0.48. It claims it is an IP spoof. Here are a couple of the entries:

IP spoof detected 192.168.0.48, 137, LAN 12.96.223.135, 137, WAN MAC address: 00.04.75.AA.3E.56 09/30/2002 17:11:51.320

IP spoof detected 192.168.0.48, 137, LAN 199.111.38.62, 137, WAN MAC address: 00.04.75.AA.3E.56 09/30/2002 19:03:42.064

IP spoof detected 192.168.0.48, 137, LAN 63.214.184.81, 137, WAN MAC address: 00.04.75.AA.3E.56 09/30/2002 19:45:59.288

IP spoof detected 192.168.0.48, 137, LAN 208.178.14.210, 137, WAN MAC address: 00.04.75.AA.3E.56 09/30/2002 22:51:16.048

Note: these are only a few of them; this happens about 3-4 times a day. The port is 137; this is NetBIOS, and I have always heard that worms operate at this port number. After looking in the route table I see:

192.168.0.48 Mask 255.255.255.255 Gateway 127.0.0.1

So I do a reg search for 192.168.0.48 on this BDC and it comes up as a DHCP IP address under NdisWan6->parameters->Tcpip. Now remember, this is the DHCP server, but this is not its address; we have never assigned anything in this range.

Also no other machine can ping this address except for this BDC.

So I am at a loss. I know, or assumed to know, that nothing actually gives itself its own address. Any help with this quandary would be greatly appreciated!

SLM
 
On the DHCP, do ipconfig /all and note its MAC address. Is it the same as IP 48?
 
Yes, this is the same card (MAC) as our external card on this server. This .48 address is listed in ipconfig as a NdisWan. (I did not think to look in ipconfig before.) We do have a RAS running on this server (which is what the Ndis adapter is for), but why would this address be trying to access the internet 3-5 times per day? We rarely use this method of remote access (maybe one user once a week). So I am a step closer, but still not to the solution. Thanks for the help.

SLM
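
An added example, not part of the original thread or any poster's code: a Python parser for the router entries quoted above that groups them by source IP and MAC address, so the MAC can be compared with the `ipconfig /all` output as the reply suggests. The field layout is inferred from the four quoted entries and is an assumption, not 3Com documentation; the function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the four router log entries quoted in the thread.
SAMPLE_LOG = """\
IP spoof detected 192.168.0.48, 137, LAN 12.96.223.135, 137, WAN MAC address: 00.04.75.AA.3E.56 09/30/2002 17:11:51.320
IP spoof detected 192.168.0.48, 137, LAN 199.111.38.62, 137, WAN MAC address: 00.04.75.AA.3E.56 09/30/2002 19:03:42.064
IP spoof detected 192.168.0.48, 137, LAN 63.214.184.81, 137, WAN MAC address: 00.04.75.AA.3E.56 09/30/2002 19:45:59.288
IP spoof detected 192.168.0.48, 137, LAN 208.178.14.210, 137, WAN MAC address: 00.04.75.AA.3E.56 09/30/2002 22:51:16.048
"""

# Assumed layout: source IP, source port, interface, dest IP, dest port, interface, MAC, time.
ENTRY = re.compile(
    r"IP spoof detected (?P<src>[\d.]+), (?P<sport>\d+), (?P<src_if>\w+) "
    r"(?P<dst>[\d.]+), (?P<dport>\d+), (?P<dst_if>\w+) "
    r"MAC address: (?P<mac>[0-9A-Fa-f.]{17}) "
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3})"
)

def normalize_mac(mac):
    """Convert the router's dotted MAC to the dashed form ipconfig /all prints."""
    return mac.upper().replace(".", "-")

def summarize(log_text):
    """Group spoof entries by (source IP, MAC) so each can be matched to an adapter."""
    groups = defaultdict(lambda: {"count": 0, "dests": set(), "dports": set(), "times": []})
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # not a spoof entry in the assumed layout
        g = groups[(m["src"], normalize_mac(m["mac"]))]
        g["count"] += 1
        g["dests"].add(m["dst"])
        g["dports"].add(int(m["dport"]))
        g["times"].append(datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S.%f"))
    return dict(groups)

if __name__ == "__main__":
    for (src, mac), g in summarize(SAMPLE_LOG).items():
        print(f"{src} [{mac}]: {g['count']} entries, dest ports {sorted(g['dports'])}, "
              f"{len(g['dests'])} WAN destinations, {min(g['times'])} to {max(g['times'])}")
```
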
 