I just noticed a rogue DHCP lease on my network and began searching
for the MAC address and found the post below from 22 Mar 2005. I also
found an explanation for the behavior on Microsoft's website:
http://support.microsoft.com/kb/945948/en-us

------- 2005 post from Ivyhu...@gmail.com -------
I'm noticing this same thing on my network since recently adding M$
Windows Server 2003 in our network... I've been searching the net
high
and low for a reason why these DHCP leases are made and have found
nothing. Is there any new info I'm missing?

Here's the bogus MAC's I'm seeingin our DHCP lease reports:

MACHINE | IP | MAC | LEASE BEGIN | LEASE
END
detective 192.168.0.119 45:3b:13:0d:89:0a 14:47:45 02/23/2005 14:48:45
02/23/2005
detective 192.168.0.117 e9:eb:b3:a6:db:3c 14:47:29 02/23/2005 14:48:29
02/23/2005
detective 192.168.0.118 4d:c8:43:bb:8b:a6 14:47:37 02/23/2005 14:48:37
02/23/2005

WTF?? I hate M$!!!!! Any reason for why my logs are getting spammed
would be appreciated. When we do a company security audit, I'd prefer
not to answer "uhh I dunno".

-Scott
------- End Prior Post -------