RE: DHCP database
From: Laura A. Robinson (larobins_at_bellatlantic.net)
Date: 06/13/05
- Previous message: Meni Milstein: "RE: E-Mail gateway on IIS."
- In reply to: Tom Burns: "DHCP database"
- Next in thread: Tom Burns: "RE: DHCP database"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 13 Jun 2005 15:30:30 -0400 To: "'Tom Burns'" <tburns@TorcaUSA.com>, <focus-ms@securityfocus.com>
Locate the log file(s) for the day/date in question and look for entries
such as:
ID,Date,Time,Description,IP Address,Host Name,MAC Address
...
11,06/13/05,10:33:11,Renew,10.7.0.137,BogusComputerName.,00F01243D4E0,
(all addresses above have been edited to completely bogus values)
Events 10 and 11 indicate initial leasing and renewal of addresses,
respectively.
Laura
> -----Original Message-----
> From: Tom Burns [mailto:tburns@TorcaUSA.com]
> Sent: Monday, June 13, 2005 12:41 PM
> To: focus-ms@securityfocus.com
> Subject: DHCP database
>
>
> Good morning,
>
> I'm doing a security audit on a PC and need to cross
> reference what IP address it had in December. Does anyone
> know how to look at the old dhcp database (or any other
> files) to find out what IP address a computer was assigned? I
> have backup tapes of the dhcp server.
>
> The DHCP server is Windows 2000 with SP4.
>
> Tom
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: Meni Milstein: "RE: E-Mail gateway on IIS."
- In reply to: Tom Burns: "DHCP database"
- Next in thread: Tom Burns: "RE: DHCP database"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
