LAN ISSUE

Unanswered Question
Aug 27th, 2008
User Badges:

HI in our LAN we find a weird issue. Our ip range is 172.20.48.0 /20, when to try to ping any ip address from the pc it resolves to ips in the network range 172.20.62.x or 63.x and the MAC address for those IPs seems to be same, i have attached the screenshots of the same, pls help me to find out is that spoofing attack and how to resolve this issue....



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
satish_zanjurne Thu, 08/28/2008 - 00:08
User Badges:
  • Silver, 250 points or more

What DNS server are you using ??


Do "nslookup 172.20.48.x" see to which IP address it is resolving .


make sure your DNS entries are correct , if it is not Dynamic DNS !!

VictorAKur Thu, 08/28/2008 - 00:36
User Badges:

That MAC address is a Cisco box. Is it doing some sort of proxy I wonder?

Giuseppe Larosa Thu, 08/28/2008 - 01:01
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Chennai,

I think this is caused by proxy-arp enabled on a Cisco device likely to have a longer more specific prefix configured on it.

It will try to answer requests for some IP addresses in order to help a PC by sending its own MAC address because it has a route to the destination address.


look for the MAC address on your LAN switches to locate this device


Hope to help

Giuseppe

Chennai NOC Thu, 08/28/2008 - 09:22
User Badges:

Hi all thanks for the replies, the issue is sorted out, i handle cisco NAC implemetation in my office. Since there was a looping issue caused by NAC few weeks back all ppl were suspecting that Cisco NAC clean access server was the issue. Actually the issue is in the 172.20.48.0/20 network we have our core switch as our gateway 172.20.48.1 in that for a particular host range 172.20.55.1 - 200 lies a project that needs internet access to connect the vpn clients.

So our network engg configured a source based routemap to redirect the mentioned ips to internet firewall... and also the securities guys have configured a nat pool for some the home user who connect to our office as 172.20.63.x

So whenever i started pinging from the hosts in 55 network we were getting replies from 63 network,, thats the issues....

Actions

This Discussion