Duplicate IP on the LAN

Posted on 2007-10-02
Medium Priority
Last Modified: 2008-01-09
We have a problem in our LAN of almost 100 desktop PCs and 10 servers.
Someone or something changed its IP to a server's IP and the LAN has become crazy.
We have found the zone where this network card (wired or wireless) is by plugging and unplugging cables from switches and testing LAN performance.
When we unplugged a switch cable (one that cascades from other remote switches) the LAN stabilized, and we think that the duplicated IP is there.

Our concern is: how can we prevent a device from using an IP already used by a server (or desktop)?
All domain PCs have non-admin rights and are not able to change it.
Which is the security protocol for these cases? Block traffic by MAC on switches?

Only a brief description will be enough. Thanks
Question by:Mikkk

Expert Comment

ID: 20003100
Do you use DHCP?

Expert Comment

ID: 20003101
Without the "malicious users" point of view, a DHCP server is enough to prevent this problem.

If you want to protect from users that can, on purpose or not, change the IP, a managed switch can do the work. Most of them can detect these problems and you can set an alarm or set it to shut down the port automatically.

Expert Comment

ID: 20003416
- Find your culprit by looking at the ARP and MAC tables in your switches (like that MAC is known thru port 4/1, etc. until you get it).

- I agree with fmonroy, DHCP should be enough. Another option, if you have a good L3 switch, is to have your servers on one VLAN which will be present in the computer room only and all your users on a different VLAN.

I hope this helps
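
The ARP/MAC table lookup suggested in the comment above can be scripted. This is an added example, not part of the original answer: the sample table lines, the `KNOWN_OWNERS` inventory and the function names are constructed for illustration, and real switch output would need its own parsing.

```python
import re
from collections import defaultdict

# Constructed sample data: ARP observations as "IP MAC" pairs (e.g. gathered
# from switch/router ARP tables over time) and a MAC-address table "MAC PORT".
ARP_LINES = """\
192.168.1.10 00:1a:2b:3c:4d:5e
192.168.1.10 00-0F-AA-BB-CC-01
192.168.1.25 00:1a:2b:00:00:25
192.168.1.10 001a.2b3c.4d5e
"""
MAC_TABLE_LINES = """\
00:1a:2b:3c:4d:5e 1/2
00:0f:aa:bb:cc:01 4/1
00:1a:2b:00:00:25 2/7
"""
# Hypothetical inventory: the MAC that legitimately owns each server IP.
KNOWN_OWNERS = {"192.168.1.10": "00:1a:2b:3c:4d:5e"}

def norm_mac(mac):
    """Normalize colon, dash and dotted MAC notations to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_duplicates(arp_text, mac_table_text, known_owners):
    """Return {ip: [(mac, port, is_expected_owner), ...]} for IPs claimed by >1 MAC."""
    ports = {}
    for line in mac_table_text.splitlines():
        if line.strip():
            mac, port = line.split()
            ports[norm_mac(mac)] = port
    claims = defaultdict(set)
    for line in arp_text.splitlines():
        if line.strip():
            ip, mac = line.split()
            claims[ip].add(norm_mac(mac))
    report = {}
    for ip, macs in claims.items():
        if len(macs) > 1:
            owner = known_owners.get(ip)
            report[ip] = sorted((m, ports.get(m, "unknown"), m == owner) for m in macs)
    return report

if __name__ == "__main__":
    for ip, entries in find_duplicates(ARP_LINES, MAC_TABLE_LINES, KNOWN_OWNERS).items():
        for mac, port, ok in entries:
            print(ip, mac, "port", port, "expected" if ok else "UNEXPECTED")
```

The MAC normalization matters because the same address is often printed in different notations by different devices; without it one host would be counted as two claimants.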


LVL 11

Accepted Solution

tvman_od earned 2000 total points
ID: 20003687
802.1x authentication. The switch will allow only authenticated hosts to connect, regardless of its MAC address. Microsoft AD and their RADIUS server work perfectly fine with this technology. The switch should be capable of processing and relaying authentication requests.

Author Comment

ID: 20005290
DHCP is not enough because someone can bring in their own laptop, connect anywhere on the LAN and change their address easily.
Then if they set a static IP this will make a duplicate IP.
For corporate reasons we can't change the IP schema, so the VLAN can't be the solution.

I'm interested in 802.1x because we have more than 20 3Com manageable switches and this would be a great implementation project.

Last question: Can we implement 802.1x and let some "home" laptops not in the domain connect to the LAN in some manner? Or if we implement it, will only domain computers be able to connect?
LVL 51

Expert Comment

ID: 20005396
If you have users who can plug in whatever device they want (laptop etc.), then you have to use a switch which relies on the MACs of the clients and only routes traffic if it is a well-known MAC.
LVL 11

Expert Comment

ID: 20005932
You will have to register the "home" laptops in the domain and give them no rights for the domain resources. I'm not sure if you can do it with Microsoft RADIUS, but in theory you can set it up so it will accept hosts which fail authentication and assign them a separate VLAN in a separate range of IPs. Feel free to contact me for details regarding the network part. Microsoft RADIUS is not my area. I can deal with RADIUS for *NIX.


Question has a verified solution.
