Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1562
Views
0
Helpful
4
Replies

Wrong DNS IPs (82.163.143.169, 82.163.142.171) being picked by user machines

Go to solution
tiwariharish44
Level 1
Level 1

‎09-09-2015 04:09 AM - edited ‎03-08-2019 01:42 AM

Hi,

Since last few days our network users have been complaining about no network access. When their computers are checked, they are found to be having fetched wrong DNS IPs (82.163.143.169 &
82.163.142.171) from the DHCP server, while these address do not belong to our network anywhere. 

Why is this happening. Is this some kind of Security concern or something like that? Any feedback provided will be much appreciated . 

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to tiwariharish44

‎09-09-2015 04:40 AM 

This problem is spread across the whole campus network. It is not just limited to a single distribution switch, but across users connected to different distribution switches.

What's the point? 

 

If someone has spun up a rogue DHCP server and pumping stupid DHCP options, anything can happen.  

 

Enable DHCP Snooping in the core switch and observer for any improvements.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎09-09-2015 04:26 AM

Someone may have spun up a rogue DHCP server.  

 

Security concern, you bet!

0 Helpful

Go to solution
tiwariharish44
Level 1
Level 1
In response to Leo Laohoo

‎09-09-2015 04:34 AM

Hi Leo,

This problem is spread across the whole campus network. It is not just limited to a single distribution switch, but across users connected to different distribution switches.

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to tiwariharish44

‎09-09-2015 04:40 AM 

This problem is spread across the whole campus network. It is not just limited to a single distribution switch, but across users connected to different distribution switches.

What's the point? 

 

If someone has spun up a rogue DHCP server and pumping stupid DHCP options, anything can happen.  

 

Enable DHCP Snooping in the core switch and observer for any improvements.

0 Helpful

Go to solution
tiwariharish44
Level 1
Level 1
In response to Leo Laohoo

‎09-09-2015 04:51 AM

Another thing to note, the DNS is shown to be put statically in the TCP/IP settings of the user machines, while nobody has done so. Check the attached file.

Preview file
191 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card