IP Conflicts
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: IP Conflicts

  1. #1
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747

    IP Conflicts

    I've been having this problem at work with IP conflicts on two servers.

    Both servers are Windows Server 2003 Small Business on Dell dual 2.4 xeons processors.

    I walked into work one day to find that 12 people couldn't access the one server. So I went downstairs and it wouldn't let me log on due to the IP Conflict. So I unplugged the network cable restarted the computer changed the IP and plugged the cable back in. Right after that I did a portscan of the entire network, and found one IP on there with the same IP as the server. The scanning program showed it as a cisco product. However the only cisco product we have is a Catalyst 2950 24 port switch.

    Just today they called me up again cause they couldn't access the other server. I walked in to find the same exact problem. Except this time, the scanner found no other computers on the network with that same IP.

    Theses problems are about 3 weeks apart. All IP's are statically assigned except for about 3 of them.

    I can't figure this out.
    =

  2. #2
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'm not offering very much, but I'll ask a few questions to get get the ball rolling.

    Do you have a wireless network? Could someone be war driving, and accessing your network if you do have a WLAN? Cisco makes a few wireless cards. Is it possible they were blocking your scans the second time around? The first time they saw your scans and wised up a little?

    Is it possible an employee is bringing in outside equipment? A notebook with some cisco hardware?

    For you 3 PCs that are DHCP... does the DHCP server have a range completely seperate from the static range? For my setup, my DHCP will issue 50 Leases, ips 100-150, and all static IPs are set below 100.

    I dunno, that's an intriguing one, I'm interested to see what the resident Gods have to say, but maybe that's enough to get ya thinking.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  3. #3
    Senior Member
    Join Date
    Dec 2001
    Posts
    291
    a few things to try here.....

    HTRegz mentioned the possibility of a wardriver, and it is a strong possibility, lock down anything wireless. Also, keep in mind that not all devices on a network are pingable, there could be a switch or firewalled machine somewhere with the IP address simply dropping icmp, check your layout.

    You may also want to disable any switch ports that are not in use, this will prevent a user from wandering in with a rogue machine and popping it on the network, this happens more often than people know.

    Check your dhcp scope to be sure none of the static IP's you are handing out are included in the scope, this will cause conflics. Also check for any machines that may be running a rogue dhcp server, these could be nas or server appliances, linux or windows machines that just happen to be misconfigured. One of the easier ways to check this is to pull your known dhcp servers offline and try to renew, if you pull an IP theres something else out there.

    And of course, double check your documentation... if your handing out statics to a large number of machines you may have accidentally doubled up.
    ~THEJRC~
    I\'ll preach my pessimism right out loud to anyone that listens!
    I\'m not afraid to be alive.... I\'m afraid to be alone.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Well, since HT pretty well covered the questions I would ask, I just have one more.
    Does Win2003 server not allow you to logon as a local admin should the network be available? If so you could have saved yourself the trouble of unplugging the cable and rebooting, then reconfiguring, plugging back in, etc..

    Another addition: How are you trying to verify if the IP address exists?
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  5. #5
    Junior Member
    Join Date
    Jan 2004
    Posts
    20
    that you found some hardware one of the times tells me that this is probably wrong but viruses (or employees that want a break for a smoke ) could be arp flooding that network segment and that will create the multiple ip error.
    Its a long shoot though

    PS but i would start with the wardriver checks sounds like it to me if you have a wireless connection

  6. #6
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    These 2 servers, do they have a trust relationship of some sort?

    I'm thinking someone is being naughty & trying to establish some kind of relationship between themselves and the servers.

    I would consider setting up a sniffer on each of the servers & keeping a record of all activity for the past 24h so that if the problem occurs again you can see what's been going on.
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  7. #7
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    No we don't have a wireless network, its all hard wired.

    I'm pretty sure I have the DHCP scope assigning IP's in a different range from what I set the static IP's to but I'll double check it.

    Theres only 1 person there at the office who would even have the faintest idea on how to hook up to a switch, and thats the CEO lol. Everyone there knows abosolutely nothing about computers. Their the kinds where if they get a screen saying "YOu have used Microsoft system configuration to change yoru startup etc" "press ok to continue" They call me up wanting to know what to do. lol

    On that first portscan I did when this first happened to me, the IP that was showing up as a cisco product did have a MAC address with it.

    that does sound like a good idea steve.
    Guess I'll go hook one up for a while and see what I get.

    Thanks for your help guys.
    =

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Well, any results yet?
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  9. #9
    Senior Member
    Join Date
    Feb 2003
    Location
    Memphis, TN
    Posts
    3,747
    not yet I didn't get a chance to make it in to work today.

    I'll let you know one I get to the servers though.
    =

  10. #10
    Senior Member
    Join Date
    Sep 2003
    Posts
    137
    I would hook up netstumbler to see if you have a rouge Wireless AP, also, this sounds stupid but here it goes...

    In the past when i was managing a small school network...a student brough in his home PC and hooked it up...our school was basicly for students studying for IT certifications so it was the norm, usually they check in with us before the connect to the network though so we can run A/V scan and find out what they are working on. Anyway, we had a student bring in a home PC, set it up in our network, and gave it a static IP...same as my LabServer...started getting errors so I did the following..

    1. disconnected LabServer from network.
    2. Scanned Network for the conflicting IP.
    3. Had trouble finding it, cause he turned it off right before lunch.
    4. He came back powered it up and I got the conflict message again.
    5. repeated steps 1 and 2, and was able to verify it was another PC with the same address.

    Pretty wierd that it happend that way..but reminded me of what you are going through.

    I would check to see if anyone has brought in a home PC....or router..or switch from home and hooked it up.. Also looking at you local DHCP server leases and DNS cache may help as well.

    Lastly....if it is a router..you may be able to log into your router and look at the routing tables, if you have RIP or RIPv2 or so on, you may have a entry for the device in question in your routing table.

    Not sure if any of this will help...good luck!
    \"Common Sense, isn\'t that common\"
    \"It is a lot easier to raise a child then it is to repair an adult\"
    -Kruptos

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •