Solved

Strange addresses from DHCP

Posted on 2016-09-09
8
91 Views
Last Modified: 2016-09-12
Got a small Windows 08r2 domain, one DHCP server.  Lately, several of my desktops, with a wired connection, are getting a 192.168.... IP address...and the DNS suffix is showing....wait for it....."GoogleTV" instead of our domain name of CITYHIGH.LAN  (see attached shot)

Folks connecting over wifi are fine.
gtverror.jpg
0
Comment
Question by:ejcrist
8 Comments
 
LVL 39

Accepted Solution

by:
footech earned 250 total points
ID: 41791823
Though I'm not familiar with Google TV, it sounds like someone has connected another DHCP server to your network.  Perhaps a Google TV device can act as a DHCP server.

In any case, you would need to track it down and flog the person that plugged it in (unless it's the CEO, then just unplug the device or disable the DHCP functionality if possible).
1
 

Author Comment

by:ejcrist
ID: 41791902
Wow, that makes sense.  If a GTV box is connected somewhere, wouldn't it show up in my DNS or DHCP (if it grabbed a number)?  I'm trying to find a reference to it so I can track it down and shut it down.
0
 
LVL 39

Expert Comment

by:footech
ID: 41791976
It would depend on whether it got a lease from your DHCP, and other settings related to DNS dynamic updates.  I assume your network is not using 192.168.1.x, but the screenshot shows 192.168.1.1 as the DHCP, so I would take that to be the Google TV.  You could do an arp command (like arp -a 192.168.0.1) to see the associated MAC address.  Depending on the capability of your switches, you could then trace the MAC to a specific port.  From there, you could unplug the cable and listen for the screams to narrow it down, or maybe your documentation would tell you where it goes from there.
1
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 39

Assisted Solution

by:Adam Brown
Adam Brown earned 125 total points
ID: 41792067
Most likely, the Google TV is configured with a static IP address, so you wouldn't be able to find it in DNS. That said, you should be able to go to 192.168.1.1 to get the box's interface (usually). From there you can at least *try* default usernames and passwords to get into the configuration for it. Realistically, though, it shouldn't be too hard to find a Google TV box in an office unless someone is doing this maliciously and hid it really well. Worst case, if you have managed switches you can usually track down where the device is plugged in by looking at arp tables for the 192.168.1.1 address, then disable the switch port it's plugged into.
1
 
LVL 25

Expert Comment

by:Dr. Klahn
ID: 41792155
The quickest solution is probably to announce publicly "We are investigating serious problems on the company network.  When we find the GoogleTV device and discover who connected it, that person will be immediately fired."
1
 
LVL 6

Expert Comment

by:K_Wilke
ID: 41792586
If you have DNS setup on your server then that DNS could be goofed up.
0
 
LVL 8

Assisted Solution

by:lvjeff
lvjeff earned 125 total points
ID: 41793515
Someone has hooked Google TV to your network. An unpublished feature of Google TV is the ability to act as a wireless bridge. It will act as a DHCP server in that case and since it does not support DHCPInform messages, It can easily become a Rogue DHCP server. Track it down and disconnect the Wired internet port.
0
 

Author Closing Comment

by:ejcrist
ID: 41793998
I did an arp -a to find the MAC for the 192.168.1.1 gateway.....one of my 4 year old Sony Google TV's was acting like a DHCP server.....weird.  Thanks!!!!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Add or change DNS server address used by OpenVPN software 5 39
EXCHANGE, ACTIVE DIRECTORY 1 32
Powershell command 2 24
User account lockout - Server 2012R2 7 30
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question