ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Getting DHCP BAD_ADDRESS on Windows DHCP

    Scheduled Pinned Locked Moved IT Discussion
    dhcpwindows dhcpwindows server
    35 Posts 7 Posters 8.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @1337
      last edited by

      @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

      @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

      @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

      @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

      Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

      That's sounds like a DHCP starvation attack!

      It ends up being that way, but we don't think it is intentional.

      But what could possibly make the mac address change for each request?

      The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

      1 1 Reply Last reply Reply Quote 1
      • 1
        1337 @scottalanmiller
        last edited by 1337

        @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

        @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

        @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

        @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

        @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

        Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

        That's sounds like a DHCP starvation attack!

        It ends up being that way, but we don't think it is intentional.

        But what could possibly make the mac address change for each request?

        The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

        How fast are the requests showing up? Maybe that would determine if it's malicious or not?

        scottalanmillerS 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller @1337
          last edited by

          @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

          @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

          @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

          @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

          @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

          @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

          Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

          That's sounds like a DHCP starvation attack!

          It ends up being that way, but we don't think it is intentional.

          But what could possibly make the mac address change for each request?

          The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

          How fast are the requests showing up? Maybe that would determine if it's malicious or not?

          Very fast. Maybe every 10 seconds.

          1 1 Reply Last reply Reply Quote 0
          • CCWTechC
            CCWTech
            last edited by

            Since unplugging the AP we haven't had any pop up again. Either a bad AP or bad client of the AP.

            1 Reply Last reply Reply Quote 0
            • 1
              1337 @scottalanmiller
              last edited by

              @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

              @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

              @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

              @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

              @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

              @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

              @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

              Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

              That's sounds like a DHCP starvation attack!

              It ends up being that way, but we don't think it is intentional.

              But what could possibly make the mac address change for each request?

              The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

              How fast are the requests showing up? Maybe that would determine if it's malicious or not?

              Very fast. Maybe every 10 seconds.

              Maybe you can find it by working with the switches. First finding from which switch it comes and then from what port.

              scottalanmillerS 1 Reply Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @1337
                last edited by

                @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

                That's sounds like a DHCP starvation attack!

                It ends up being that way, but we don't think it is intentional.

                But what could possibly make the mac address change for each request?

                The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

                How fast are the requests showing up? Maybe that would determine if it's malicious or not?

                Very fast. Maybe every 10 seconds.

                Maybe you can find it by working with the switches. First finding from which switch it comes and then from what port.

                Weve isolated to one AP.

                1 1 Reply Last reply Reply Quote 1
                • 1
                  1337 @scottalanmiller
                  last edited by

                  @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  @pete-s said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                  Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

                  That's sounds like a DHCP starvation attack!

                  It ends up being that way, but we don't think it is intentional.

                  But what could possibly make the mac address change for each request?

                  The MAC address is gibberish, so our guess is a broken device (either end point or AP.)

                  How fast are the requests showing up? Maybe that would determine if it's malicious or not?

                  Very fast. Maybe every 10 seconds.

                  Maybe you can find it by working with the switches. First finding from which switch it comes and then from what port.

                  Weve isolated to one AP.

                  Ahh, well I don't know what to do then.

                  CCWTechC 1 Reply Last reply Reply Quote 0
                  • CCWTechC
                    CCWTech @1337
                    last edited by

                    @pete-s We are going to change the PW on the AP so no clients can connect. It could be the AP itself. Then we gradually bring clients back on to see which one is the problem.

                    1 1 Reply Last reply Reply Quote 3
                    • 1
                      1337 @CCWTech
                      last edited by

                      @ccwtech That makes sense. Should be interesting to know what it was!

                      CCWTechC 1 Reply Last reply Reply Quote 0
                      • CCWTechC
                        CCWTech @1337
                        last edited by

                        @pete-s For sure!

                        1 Reply Last reply Reply Quote 0
                        • ObsolesceO
                          Obsolesce @scottalanmiller
                          last edited by

                          @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                          Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

                          I seen this issue before. It was a device that had a virus on it that was doing it.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @Obsolesce
                            last edited by

                            @obsolesce said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                            @scottalanmiller said in Getting DHCP BAD_ADDRESS on Windows DHCP:

                            Base problem now.... whatever device this is keeps trying to connect and fills up the DHCP range quickly causing issues.

                            I seen this issue before. It was a device that had a virus on it that was doing it.

                            A possibility for sure. We are working to isolate it now.

                            1 Reply Last reply Reply Quote 0
                            • CCWTechC
                              CCWTech
                              last edited by

                              So what we are pretty sure we have narrowed it down to is a WiFi device that reports the temperature of the refrigerator to an online portal that sends out notifications when there is an out of range event.

                              There is an inside the fridge sensor and that sends the information to a receiver outside the fridge. The receiver part is what has the WiFi built in. I think the inside sensor to outside receiver communicate using 900 Mhz.

                              Who would have thought to check the refrigerator?

                              1 Reply Last reply Reply Quote 1
                              • 1
                              • 2
                              • 2 / 2
                              • First post
                                Last post