?
Solved

Strange addresses from DHCP

Posted on 2016-09-09
8
Medium Priority
?
115 Views
Last Modified: 2016-09-12
Got a small Windows 08r2 domain, one DHCP server.  Lately, several of my desktops, with a wired connection, are getting a 192.168.... IP address...and the DNS suffix is showing....wait for it....."GoogleTV" instead of our domain name of CITYHIGH.LAN  (see attached shot)

Folks connecting over wifi are fine.
gtverror.jpg
0
Comment
Question by:ejcrist
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 40

Accepted Solution

by:
footech earned 1000 total points
ID: 41791823
Though I'm not familiar with Google TV, it sounds like someone has connected another DHCP server to your network.  Perhaps a Google TV device can act as a DHCP server.

In any case, you would need to track it down and flog the person that plugged it in (unless it's the CEO, then just unplug the device or disable the DHCP functionality if possible).
1
 

Author Comment

by:ejcrist
ID: 41791902
Wow, that makes sense.  If a GTV box is connected somewhere, wouldn't it show up in my DNS or DHCP (if it grabbed a number)?  I'm trying to find a reference to it so I can track it down and shut it down.
0
 
LVL 40

Expert Comment

by:footech
ID: 41791976
It would depend on whether it got a lease from your DHCP, and other settings related to DNS dynamic updates.  I assume your network is not using 192.168.1.x, but the screenshot shows 192.168.1.1 as the DHCP, so I would take that to be the Google TV.  You could do an arp command (like arp -a 192.168.0.1) to see the associated MAC address.  Depending on the capability of your switches, you could then trace the MAC to a specific port.  From there, you could unplug the cable and listen for the screams to narrow it down, or maybe your documentation would tell you where it goes from there.
1
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 42

Assisted Solution

by:Adam Brown
Adam Brown earned 500 total points
ID: 41792067
Most likely, the Google TV is configured with a static IP address, so you wouldn't be able to find it in DNS. That said, you should be able to go to 192.168.1.1 to get the box's interface (usually). From there you can at least *try* default usernames and passwords to get into the configuration for it. Realistically, though, it shouldn't be too hard to find a Google TV box in an office unless someone is doing this maliciously and hid it really well. Worst case, if you have managed switches you can usually track down where the device is plugged in by looking at arp tables for the 192.168.1.1 address, then disable the switch port it's plugged into.
1
 
LVL 28

Expert Comment

by:Dr. Klahn
ID: 41792155
The quickest solution is probably to announce publicly "We are investigating serious problems on the company network.  When we find the GoogleTV device and discover who connected it, that person will be immediately fired."
1
 
LVL 6

Expert Comment

by:K_Wilke
ID: 41792586
If you have DNS setup on your server then that DNS could be goofed up.
0
 
LVL 8

Assisted Solution

by:lvjeff
lvjeff earned 500 total points
ID: 41793515
Someone has hooked Google TV to your network. An unpublished feature of Google TV is the ability to act as a wireless bridge. It will act as a DHCP server in that case and since it does not support DHCPInform messages, It can easily become a Rogue DHCP server. Track it down and disconnect the Wired internet port.
0
 

Author Closing Comment

by:ejcrist
ID: 41793998
I did an arp -a to find the MAC for the 192.168.1.1 gateway.....one of my 4 year old Sony Google TV's was acting like a DHCP server.....weird.  Thanks!!!!
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question