Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 358
  • Last Modified:

Duplicate Mac Address

Hello,

We have had our network running with about 30 computers bought 5 years ago.  Anyway, everything has been fine until today.  We have two computers grabbing the same IP address from DHCP because they both have the same Mac address.  The Mac address on both computers also is odd.  It starts with 40 and the other 28 omputers bought at the same time start with 00.  We have had to replace some hard drives and even mother boards over the years, but nothing in the past several months.  I am really concerned that we have a hacker or virus running around, so any help/answers would be greatly appreciated.  Thanks.
0
rcblevins
Asked:
rcblevins
1 Solution
 
Ernie BeekExpertCommented:
There are possibilities to manually put in a mac address in the network drivers. Perhaps somebody has been experimanting with that?
0
 
MikeKaneCommented:
Hardware should not have the same MAC addresses on the NIC.    IT should be really easy to find the dupes since your switch would complain about flapping between 2 ports.  

I would guess that there may be a virtual machine that was cloned running on 2 workstations.    But that should be very evident.  
0
 
LHT_STCommented:
mac spoofing can be done if the user is intelligent enough.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
Ernie BeekExpertCommented:
If you have the first six characters of the mac address you could try to figure out what it is: http://www.coffer.com/mac_find/
0
 
nsx106052Commented:
I would try to see if you can pin point the location of both computers then check the actual MAC address.  Once done verify the actual MAC addresses.  If one doesn't match then I would scan for hacking utilities.  Malwarebytes or CCcleaner should be able to find them.  There are several utilities that can spoof MAC addresses.  

I would also check to make sure none of these machines are virtual.  If so you might need to create another NIC and disable the current one.
0
 
rfc1180Commented:
Depeding on the equipment you have, the images you are running, mitigating MAC spoof is a fairly simple process and can be addressed with DHCP Snooping: http://en.wikipedia.org/wiki/DHCP_snooping

As already mentioned, get down to the root cause to investigate to determine if the issue was related to experimentation, accidental, or malacious. If you switches are managed switches, you should be able to view the MAC/CAM table of the switches and locate the MAC to a specific switchport on the switch.

What type of switch equipment do you have connected to the network?
If the switches are not managed, then your only ooption is to investigate by visiting each computer and checking the properties of the card or TCP/IP network settings (ipconfig /all, etc).

Billy
0
 
rcblevinsAuthor Commented:
Thanks to all for your help and suggestions.  Finally found the issue and resolution at the link below.  We have Dell SX270 computers and the mac address was the exact same that's specified in the link below.  Very wierd problem.   Thanks again.

http://forums.techguy.org/networking/272551-mac-address-changed-spontaneously.html
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now