There is a rogue mac address showing up on our network

There is a rogue "unknown" mac address showing up on one of our wireless  access points.  
mac address is 94-44-52-13-08-62 and is associated to LAN Ip address
..  This particular LAN ip address , when I use "NSlookup" ties to one of our hosts....but this particular host has a different IP address, namely  In DNS,  is alligned with "goofy123" (the correct host name)   But when I use the NSLOOKUP" inquiry  tool both and are associated to "goofy123"    I'm using  fictitious names to hide our identity.  I also noticed that the mac address 94-44-52-13-08-62 (which I tried to locate using "MAC Locator", unknown device) had a dynamic DHCP  assigned to
I have tried to scavenge old records out of DNS...I have also deleted the DHCP assignment from our Sonicwall  .  The  MAC address associated to is still showing up on our wireless access point.  
Question---What specific tools can I use to determine if there is a threat to our system?  I knwo there are alot of them out there but I need good advice!!!
Thank you,

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul MacDonaldDirector, Information SystemsCommented:
The MAC address in DNS may be for a cabled NIC, rather than a wireless one.  Is it possible this host is connected to your network both physically and wirelessly?
LamrskiAuthor Commented:
The mac address was not showing up in DNS ......the mac address is showing up on a wireless access point and also on our sonicwall.  In DNS, the correct IP address is alligned with the correct host name......but when I use "nslookup" the  IP address that is on the wireless access point is alligning with the host machine.  
Does this make sense?
Paul MacDonaldDirector, Information SystemsCommented:
Yes.  I meant that the MAC address for the connection on the AP would be for the WiFi NIC.  It would be completely understandable for that to be different from what you'd see for the cabled NIC.  

The NSLOOKUP behavior is weird though.  Is your AP also a DHCP server?  Does it do DNS too?  Does it forward straight to your default gateway?
Need More Insight Into What’s Killing Your Network

Flow data analysis from SolarWinds NetFlow Traffic Analyzer (NTA), along with Network Performance Monitor (NPM), can give you deeper visibility into your network’s traffic.

On the other hand, if you try to ping the specified address using the -a what host does it return ? The ggod or the bad ?

Weird enough is the DNS Lookup, like Paulomacd stated above.

I would check IF anyone has a virtual server or virtual box machine with the DHCP Role enabled.
This is usually caused by a Rogue DHCP.

LamrskiAuthor Commented:
Using the ping with -a gives me the host name for both the good ip address that should be assigned and for the bad.    I typed in ping -a  and it showed goofy 123 and the same for  Both have goofy123 assigned to them?  

 What type of vritual server are we talking about...the access point in question is  out in our warehouse??  Could it be a Rogue DHCP on the perimeter of our building?  And doo you have ann idea of hos to get rid of them...I'm actually reading the the documetnation on the access point to see if I can clear it... There are no other mac/IP addresses using this AP.  
If the AP is assigning IP's, the you should be able to disable it.

The best way is to use Tracert and chek the hopes that packet goes by.

Paul MacDonaldDirector, Information SystemsCommented:
"Rogue DHCP server" is just a DHCP server someone set up without your knowledge/permission.  That's why I'd orgiinally asked about the AP doing DHCP.  In a Windows environment, the DHCP server will do a pretty good job of telling you if another Windows DHCP server is running on the network.
LamrskiAuthor Commented:
I think I figured out what it's all about!!!!  We have an outside vendor using the goofy123  machine to access a xerox machine in the building .......I think by using "ad hoc".

Thank you for all of your help!!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
FYI that MAC is from Belkin.
LamrskiAuthor Commented:
Which MAC locator do you use to find the hardware source?  Thanks for the info, very much
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.