cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
501
Views
0
Helpful
2
Replies

Rogue IP addresses on my WAN links

terry.greene
Level 1
Level 1

It appears I have a device with a misconfigured IP address in the form of 192.168.0.x on one of my various WAN links. I found the issue because my dial backup using 192.168.0.0/24 has started coming up every 12 minutes when a packet from my core DNS server is sent to that IP address. When I do a trace of the traffic at the port where my DNS server is attached, the source MAC address is the sending router interface. I captured a trace of the traffic where a core router enters our network, but the source MAC address for that IP address is again the sending interface of that router. Is there a way to find the device using a local sniffer trace? If not, any ideas how to find the rogue device on whatever WAN link it resides? I've verified the IP address causing the problem is not a valid IP address currently in use on our network.

Thanks,

Terry G

2 Replies 2

smalkeric
Level 6
Level 6

Use access lists to block all traffics with a source IP address of your internal network, this will eliminate this problem. This is also a best practise in Network Security

gaban
Level 1
Level 1

has anybody installed a DHCP server that is dishing out that Address?

Review Cisco Networking for a $25 gift card