Re: hostname detective

[knitti]

On 11/5/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I found the thread below on google when searching for the hostname detective 
> issue.
> I appreciate this was raised in June 2004, but there doesnt appear to be 
> many more instances of this issue on the net.
> Question is did you find out what caused it? I have it on my network and Id 
> like to know how to prevent reoccurrence.
>
>
> Thanks
>
> Mark
>
> Skimming through my leases file I noticed a bogus MAC address of
> 45:3b:13:0d:89:0a as well as two others which used the hostname
> "detective" and leased all of the available IP addresses in my pool for
> two minutes.  I googled for this situation and found a published log from
> some college's dhcp.leases file with the same MAC address and hostname
> being used.  Has anyone else seen this behavior before?  The only
> interface serving DHCP is my internal one with only two machines on it.
> Almost sounds like one of them got hacked.  Does anyone know what
> virus/spyware would've caused this?

I don't think a virus or spyware is probable (I might be wrong) - could it be
someone brought a "device" along (small embedded computer, zaurus/other
pda etc) and scanned/enumerated your internal network?

otoh, I fail to see the relationship to openbsd....


--knitti