Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Duplicate Mac Address

Posted on 2011-03-11
9
Medium Priority
?
353 Views
Last Modified: 2012-05-11
Hello,

We have had our network running with about 30 computers bought 5 years ago.  Anyway, everything has been fine until today.  We have two computers grabbing the same IP address from DHCP because they both have the same Mac address.  The Mac address on both computers also is odd.  It starts with 40 and the other 28 omputers bought at the same time start with 00.  We have had to replace some hard drives and even mother boards over the years, but nothing in the past several months.  I am really concerned that we have a hacker or virus running around, so any help/answers would be greatly appreciated.  Thanks.
0
Comment
Question by:rcblevins
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35110082
There are possibilities to manually put in a mac address in the network drivers. Perhaps somebody has been experimanting with that?
0
 
LVL 33

Expert Comment

by:MikeKane
ID: 35110095
Hardware should not have the same MAC addresses on the NIC.    IT should be really easy to find the dupes since your switch would complain about flapping between 2 ports.  

I would guess that there may be a virtual machine that was cloned running on 2 workstations.    But that should be very evident.  
0
 
LVL 6

Expert Comment

by:LHT_ST
ID: 35110102
mac spoofing can be done if the user is intelligent enough.
0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35110115
If you have the first six characters of the mac address you could try to figure out what it is: http://www.coffer.com/mac_find/
0
 
LVL 12

Expert Comment

by:nsx106052
ID: 35110154
I would try to see if you can pin point the location of both computers then check the actual MAC address.  Once done verify the actual MAC addresses.  If one doesn't match then I would scan for hacking utilities.  Malwarebytes or CCcleaner should be able to find them.  There are several utilities that can spoof MAC addresses.  

I would also check to make sure none of these machines are virtual.  If so you might need to create another NIC and disable the current one.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 35113200
Depeding on the equipment you have, the images you are running, mitigating MAC spoof is a fairly simple process and can be addressed with DHCP Snooping: http://en.wikipedia.org/wiki/DHCP_snooping

As already mentioned, get down to the root cause to investigate to determine if the issue was related to experimentation, accidental, or malacious. If you switches are managed switches, you should be able to view the MAC/CAM table of the switches and locate the MAC to a specific switchport on the switch.

What type of switch equipment do you have connected to the network?
If the switches are not managed, then your only ooption is to investigate by visiting each computer and checking the properties of the card or TCP/IP network settings (ipconfig /all, etc).

Billy
0
 

Accepted Solution

by:
rcblevins earned 0 total points
ID: 35127639
Thanks to all for your help and suggestions.  Finally found the issue and resolution at the link below.  We have Dell SX270 computers and the mac address was the exact same that's specified in the link below.  Very wierd problem.   Thanks again.

http://forums.techguy.org/networking/272551-mac-address-changed-spontaneously.html
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35360941
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question