There is a rogue mac address showing up on our network
Posted on 2011-10-05
There is a rogue "unknown" mac address showing up on one of our wireless access points.
mac address is 94-44-52-13-08-62 and is associated to LAN Ip address 10.10.12.5
.. This particular LAN ip address , when I use "NSlookup" ties to one of our hosts....but this particular host has a different IP address, namely 10.10.12.3. In DNS, 10.10.12.3 is alligned with "goofy123" (the correct host name) But when I use the NSLOOKUP" inquiry tool both 10.10.12.5 and 10.10.12.3 are associated to "goofy123" I'm using fictitious names to hide our identity. I also noticed that the mac address 94-44-52-13-08-62 (which I tried to locate using "MAC Locator", unknown device) had a dynamic DHCP assigned to 10.10.12.5.
I have tried to scavenge old records out of DNS...I have also deleted the DHCP assignment from our Sonicwall . The MAC address associated to 10.10.12.5 is still showing up on our wireless access point.
Question---What specific tools can I use to determine if there is a threat to our system? I knwo there are alot of them out there but I need good advice!!!