Hi All -
On a small college campus here and this is happening solely in the admin building. Subnet is 10.3.x.x. Primary DNS server SHOULD be 10.2.0.53, however, on 10 or so different computers on different days the primary DNS server is getting changed to 192.168.0.1 and the DNS suffix is getting changed to mshome.net -- makes me think someone brought in a router. After an ipconfig /renew all is back to normal.
How can I go about hunting down this router? I've been scanning with wireshark everynow and then for the past few days and am finding nothing that sticks out at me. Any ideas?
On a small college campus here and this is happening solely in the admin building. Subnet is 10.3.x.x. Primary DNS server SHOULD be 10.2.0.53, however, on 10 or so different computers on different days the primary DNS server is getting changed to 192.168.0.1 and the DNS suffix is getting changed to mshome.net -- makes me think someone brought in a router. After an ipconfig /renew all is back to normal.
How can I go about hunting down this router? I've been scanning with wireshark everynow and then for the past few days and am finding nothing that sticks out at me. Any ideas?