Hi good people out there.
This morning I woke up to some rude shock. I discovered that a few of my PC’s have been registered in the neighbours domain and a few few of my neighbours PC’s have been registered in mine. This has never happened before which led me to believe that I was attacked by some hackers. I can see the specific DNS suffix for my neighour organisation who is half a mile away.
I ran Ipconfig/all on one client machine and I can see that:
:- IP Address is not from my range but neighbours range
:- Default Gateway is my neighbours
:- DHCP Server IP is for my neighbour
:- DNS servers are min
:- Primary and Secondary Wins are my neighbours
The registration details tell me that the lease was obained at 23:10 hrs CAT. We do not work during these hours.
I checked my DHCP, it is authorised ok. I checked my DNS but I do not see any records of these neighbours A host records. My DHCP has a few of neighbours cleints registered which I deleted. I also noted that instead of mac address, I have RAS listed instead. I used RAS only for static IP routing
What do I need to do next to confirm that I was hacked into and how do I track whoever it was doing this?
You must be logged in to reply to this topic.
Create a free account today to participate in forum conversations, comment on posts and more.