Solved

Strange addresses from DHCP

Posted on 2016-09-09
8
71 Views
Last Modified: 2016-09-12
Got a small Windows 08r2 domain, one DHCP server.  Lately, several of my desktops, with a wired connection, are getting a 192.168.... IP address...and the DNS suffix is showing....wait for it....."GoogleTV" instead of our domain name of CITYHIGH.LAN  (see attached shot)

Folks connecting over wifi are fine.
gtverror.jpg
0
Comment
Question by:ejcrist
8 Comments
 
LVL 39

Accepted Solution

by:
footech earned 250 total points
ID: 41791823
Though I'm not familiar with Google TV, it sounds like someone has connected another DHCP server to your network.  Perhaps a Google TV device can act as a DHCP server.

In any case, you would need to track it down and flog the person that plugged it in (unless it's the CEO, then just unplug the device or disable the DHCP functionality if possible).
1
 

Author Comment

by:ejcrist
ID: 41791902
Wow, that makes sense.  If a GTV box is connected somewhere, wouldn't it show up in my DNS or DHCP (if it grabbed a number)?  I'm trying to find a reference to it so I can track it down and shut it down.
0
 
LVL 39

Expert Comment

by:footech
ID: 41791976
It would depend on whether it got a lease from your DHCP, and other settings related to DNS dynamic updates.  I assume your network is not using 192.168.1.x, but the screenshot shows 192.168.1.1 as the DHCP, so I would take that to be the Google TV.  You could do an arp command (like arp -a 192.168.0.1) to see the associated MAC address.  Depending on the capability of your switches, you could then trace the MAC to a specific port.  From there, you could unplug the cable and listen for the screams to narrow it down, or maybe your documentation would tell you where it goes from there.
1
 
LVL 38

Assisted Solution

by:Adam Brown
Adam Brown earned 125 total points
ID: 41792067
Most likely, the Google TV is configured with a static IP address, so you wouldn't be able to find it in DNS. That said, you should be able to go to 192.168.1.1 to get the box's interface (usually). From there you can at least *try* default usernames and passwords to get into the configuration for it. Realistically, though, it shouldn't be too hard to find a Google TV box in an office unless someone is doing this maliciously and hid it really well. Worst case, if you have managed switches you can usually track down where the device is plugged in by looking at arp tables for the 192.168.1.1 address, then disable the switch port it's plugged into.
1
 
LVL 23

Expert Comment

by:Dr. Klahn
ID: 41792155
The quickest solution is probably to announce publicly "We are investigating serious problems on the company network.  When we find the GoogleTV device and discover who connected it, that person will be immediately fired."
1
 
LVL 6

Expert Comment

by:K_Wilke
ID: 41792586
If you have DNS setup on your server then that DNS could be goofed up.
0
 
LVL 8

Assisted Solution

by:lvjeff
lvjeff earned 125 total points
ID: 41793515
Someone has hooked Google TV to your network. An unpublished feature of Google TV is the ability to act as a wireless bridge. It will act as a DHCP server in that case and since it does not support DHCPInform messages, It can easily become a Rogue DHCP server. Track it down and disconnect the Wired internet port.
0
 

Author Closing Comment

by:ejcrist
ID: 41793998
I did an arp -a to find the MAC for the 192.168.1.1 gateway.....one of my 4 year old Sony Google TV's was acting like a DHCP server.....weird.  Thanks!!!!
0

Join & Write a Comment

Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now