Nellie Epps asked:
My DHCP table has began receiving numerous entries that start with android-2222533a32d23.domain, We don't have any androids in our environment. How can I stop these entries?

My DHCP table has begun receiving numerous entries that start with android-2222533a32d23.domain. We don't have any androids in our environment. How can I stop these entries? These entries are beginning to use up all of my DHCP addresses.

Event Viewer has a Warning that reads Scope, 10.xx.xx.0, is 82 percent full with only 64 IP addresses remaining.
it_saige

Check to see if you have an open/unsecured Wireless Access Point.

-saige-
ASKER

I have already checked and we don't.  That is why this is so puzzling.
Check your Wireless Access Point's client table (if it has one). See if you find any entries in there for androids.

-saige-
Our wireless router uses 192.x.x.x addresses; these are 10.x.x.x addresses. The router doesn't have a client table.
It has happened many times that people buy devices by themselves and connect them to the company network without any permission.
Try to scan for wireless networks with software like inSSIDer.
Well, actually you can use just a laptop and check wireless networks that should not exist in your company.
Dr. Klahn

Download a copy of Angry IP Scanner and scan both the 192 and 10 Class A blocks.  Check the device names against what is expected.

I think you'll find that davorin is right and somebody has installed a wireless device on your network without permission, and (knowing it's against company policy and a termination offense) hidden it so that you can't find it.

Okay. I ran Angry IP Scanner. Would 10.xx.xx.xxx 0.in-addr-arpa be the culprit? I am not sure what to look for.
I found another that could be suspect: 192.168.xx.xxx Hostname )^SU
If you can post a screenshot it will be helpful as then we will be getting the information direct.  Anything ".in-addr.arpa" should not be showing up in the host name column; this is how IP addresses are backwards resolved.
Please see attached unusual results from Angry IP Scanner
Sorry to say that the document does not appear to have attached properly.
Sorry I didn't click "upload file"
Angry-IP-Scanner-Results.docx
Perhaps one of the other experts can comment on that.  (I still use Word 97 and there is no import for the later DOCX file format into Word 97.)  Or alternatively, if you can post the screenshot as a JPEG.
@DrKlahn - Here are the snippets she made.

-saige-
I have now saved it as a Word 97 doc.  You should be able to open it now.
Angry-IP-Scanner-Results2.doc
As you can see by the attached, the androids are basically taking over my DHCP table. However, when I do an nslookup many of them are legitimate workstations or laptops. The ones that I don't receive a response from, I delete, but then they begin to return almost immediately.
androids.doc
ASKER CERTIFIED SOLUTION
Dr. Klahn

This solution is only available to members.
After sleeping on the problem, another thing that you might be able to try:

Assuming that your legitimate network is on 192.168.1, your legal DHCP server should not be handing out addresses on 10.0.0 at all.  That would imply a bootleg DHCP server on the network.  If this is the case:

Start up a browser and enter http://10.0.0.1 into the address bar.  That should take you to the web management pages for the bootleg router.  You may not be able to get in but there will be enough information there to deduce the manufacturer and possibly the model.
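A worked check for the bootleg-DHCP-server hypothesis above, added here as an example (it is not code from the thread or from any of the posters): it parses DHCPOFFER packets and flags any whose server identifier (option 54) is not on an allowlist of the site's real DHCP servers. The allowlist entry 192.168.1.1, the client MAC and both sample offers are constructed assumptions; capturing live offers (a sniffer on UDP port 68) is deliberately left outside the block.

```python
import struct
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"
DHCPOFFER = 2                     # value of option 53 for an offer

def parse_dhcp_options(payload: bytes) -> dict:
    """Return {option_code: raw_value} from the TLVs after the 236-byte BOOTP header."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (magic cookie missing)")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 0:             # pad byte has no length field
            i += 1
            continue
        if code == 255:           # end marker
            break
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify_offer(payload: bytes, authorized_servers: set) -> dict:
    """Flag a DHCPOFFER whose server identifier (option 54) is not an approved server."""
    opts = parse_dhcp_options(payload)
    if opts.get(53, b"\x00")[0] != DHCPOFFER:
        return {"verdict": "ignored", "reason": "not a DHCPOFFER"}
    offered = str(ipaddress.IPv4Address(payload[16:20]))       # yiaddr field
    server = str(ipaddress.IPv4Address(opts[54])) if 54 in opts else "unknown"
    verdict = "authorized" if server in authorized_servers else "ROGUE"
    return {"server": server, "offered": offered, "verdict": verdict}

def build_offer(yiaddr: str, server_id: str, xid: int = 0x2222533A) -> bytes:
    """Constructed DHCPOFFER for offline testing; not a captured packet."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0)     # op=BOOTREPLY, Ethernet, 6-byte MAC
    hdr += b"\x00" * 4                                         # ciaddr
    hdr += ipaddress.IPv4Address(yiaddr).packed                # yiaddr: the offered lease
    hdr += ipaddress.IPv4Address(server_id).packed             # siaddr
    hdr += b"\x00" * 4                                         # giaddr
    hdr += bytes.fromhex("001122334455") + b"\x00" * 10        # chaddr (constructed MAC, padded)
    hdr += b"\x00" * (64 + 128)                                # sname and file, unused
    opts = bytes([53, 1, DHCPOFFER])
    opts += bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    opts += bytes([51, 4]) + struct.pack("!I", 86400) + b"\xff"   # lease time, then end
    return hdr + MAGIC_COOKIE + opts

AUTHORIZED = {"192.168.1.1"}      # assumed: the site's one legitimate DHCP server
SAMPLE_OFFERS = [build_offer("192.168.1.57", "192.168.1.1"),   # expected server
                 build_offer("10.0.0.57", "10.0.0.1")]         # mimics the suspected bootleg router
```

Calling classify_offer on each packet in SAMPLE_OFFERS returns "authorized" for the 192.168.1.1 offer and "ROGUE" for the one from 10.0.0.1, which is the signature of a second DHCP server handing out a scope the real server never configured.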
Will not display page.  See attached.
Page-Can-t-be-displayed.doc
So far everything that I have traced has turned out to be a legitimate network device (like a server or workstation). Via the switch I traced the IP address, then the MAC address, then the port. Each cable from the port is attached to a legitimate network device.
The only thing I can think of at this point is that there is a device creating a VPN into your network and bridging the 10.0 network onto your 192.168 network.

You said that you traced the IP address and MAC address to the switch and then the port.  What is the device connected to that port?
A DC is connected to the 192.xx.xx.xx address.
Domain controller?
yes
Log into the controller in question, bring up a command window, and issue ipconfig /all.  See if it is hosting anything other than the expected network adapter.

Also scan it thoroughly for viruses using at least two scanners, plus the most recent Microsoft Malicious Software Removal Tool.

If this fails to turn up anything, I am about out of ideas except for this one:  There may be an infected system on your network spoofing a MAC address.  It will be a long and tedious journey with running multiple virus scanners on every system to prove or disprove that.
I ran the Microsoft Malicious Software Removal Tool.  Nothing was found.
I'm tapped out of ideas.  Hopefully one of the other experts will see your question and have an insight.
I really appreciate your trying to resolve the issue.
Both Experts were correct; however, IT_saige answered first. I am not sure how this should be handled.
I think you handled it adequately.  I may have answered first, but DrKlahn did more leg work than I did.  He is deserving of the greater point break.

-saige-
Sorry wasn't sure how this worked.  I will try to correct my mistake.
I have requested that full credit for the solution be given to davorin.
Great job!