Solved

Strange addresses from DHCP

Posted on 2016-09-09
8
108 Views
Last Modified: 2016-09-12
Got a small Windows 08r2 domain, one DHCP server.  Lately, several of my desktops, with a wired connection, are getting a 192.168.... IP address...and the DNS suffix is showing....wait for it....."GoogleTV" instead of our domain name of CITYHIGH.LAN  (see attached shot)

Folks connecting over wifi are fine.
gtverror.jpg
0
Comment
Question by:ejcrist
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 40

Accepted Solution

by:
footech earned 250 total points
ID: 41791823
Though I'm not familiar with Google TV, it sounds like someone has connected another DHCP server to your network.  Perhaps a Google TV device can act as a DHCP server.

In any case, you would need to track it down and flog the person that plugged it in (unless it's the CEO, then just unplug the device or disable the DHCP functionality if possible).
1
 

Author Comment

by:ejcrist
ID: 41791902
Wow, that makes sense.  If a GTV box is connected somewhere, wouldn't it show up in my DNS or DHCP (if it grabbed a number)?  I'm trying to find a reference to it so I can track it down and shut it down.
0
 
LVL 40

Expert Comment

by:footech
ID: 41791976
It would depend on whether it got a lease from your DHCP, and other settings related to DNS dynamic updates.  I assume your network is not using 192.168.1.x, but the screenshot shows 192.168.1.1 as the DHCP, so I would take that to be the Google TV.  You could do an arp command (like arp -a 192.168.0.1) to see the associated MAC address.  Depending on the capability of your switches, you could then trace the MAC to a specific port.  From there, you could unplug the cable and listen for the screams to narrow it down, or maybe your documentation would tell you where it goes from there.
1
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 41

Assisted Solution

by:Adam Brown
Adam Brown earned 125 total points
ID: 41792067
Most likely, the Google TV is configured with a static IP address, so you wouldn't be able to find it in DNS. That said, you should be able to go to 192.168.1.1 to get the box's interface (usually). From there you can at least *try* default usernames and passwords to get into the configuration for it. Realistically, though, it shouldn't be too hard to find a Google TV box in an office unless someone is doing this maliciously and hid it really well. Worst case, if you have managed switches you can usually track down where the device is plugged in by looking at arp tables for the 192.168.1.1 address, then disable the switch port it's plugged into.
1
 
LVL 28

Expert Comment

by:Dr. Klahn
ID: 41792155
The quickest solution is probably to announce publicly "We are investigating serious problems on the company network.  When we find the GoogleTV device and discover who connected it, that person will be immediately fired."
1
 
LVL 6

Expert Comment

by:K_Wilke
ID: 41792586
If you have DNS setup on your server then that DNS could be goofed up.
0
 
LVL 8

Assisted Solution

by:lvjeff
lvjeff earned 125 total points
ID: 41793515
Someone has hooked Google TV to your network. An unpublished feature of Google TV is the ability to act as a wireless bridge. It will act as a DHCP server in that case and since it does not support DHCPInform messages, It can easily become a Rogue DHCP server. Track it down and disconnect the Wired internet port.
0
 

Author Closing Comment

by:ejcrist
ID: 41793998
I did an arp -a to find the MAC for the 192.168.1.1 gateway.....one of my 4 year old Sony Google TV's was acting like a DHCP server.....weird.  Thanks!!!!
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question