Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

masking IP address

Feb 25, 2016 5:58PM PST

My office is a small LAN with 20 users. Recently an unknown entity appeared on the LAN and uses an IP address of a known computer, but with a different MAC. It seems that entity is hosted on another computer, but my antivirus can not identify it. We know that the entity is hosted in a computer because we turn off all computers and the entity also off, but reappears with no identifiable pattern.
I need help!

Discussion is locked

- Collapse -
Answer
so many things it could be
Feb 25, 2016 6:17PM PST

someone could be charging their smartphone or device on a computer. could be a printer or a lot of other things that might be connected to a computer.

Try to narrow it down to a computer. turn off one computer at a time until you identify the computer.

- Collapse -
Answer
This will take some work.
Feb 25, 2016 6:30PM PST

You'll have to turn them off one by one. Then check your view. If both vanish when you turn one off, I'l take bets it's infected.

- Collapse -
we want to solve the problem without having to reinstall PC
Feb 26, 2016 9:13AM PST

Thanks for the help.
In the past we solved reinstalling the operating system.
But, we are looking for information on the type of threat and how to treat it.
Hopefully someone has any idea.

- Collapse -
So you found the PC in question?
Feb 26, 2016 9:44AM PST

As you know in such deployments you keep an image ready to redeploy as a full install is costly (hours!) If your IT staff is new, they may have forgotten some basics. Talk to them about disaster recovery and system images.

- Collapse -
it could be a virus, a backdoor?
Feb 26, 2016 9:53AM PST

Thank you very much.
Yes, it is the third time it happens. On two previous occasions, in 6 months, the computer with the problem was identified and was solved by reinstalling but we have not progressed about what is it.

- Collapse -
There are forums that dive into reports and tools.
Feb 26, 2016 12:59PM PST

You read them all the time at bleepingcomputer.com But today, Windows is still pretty easy to infect. One wrong move or "kids" and it's infected.

- Collapse -
Answer
I hope you have security on this LAN.
Feb 26, 2016 12:50PM PST
- Collapse -
Answer
block the MAC
Feb 26, 2016 10:29PM PST

Probably the best thing to do would be to block the MAC - easy to do and (if necessary) undo.
If you have any query http://.com/it-services/it-management/networksupport/

Note: Link disabled by moderator. Please avoid spamming your company. You can discuss this here so all can benefit

Post was last edited on February 26, 2016 10:40 PM PST