Endpoint Protection

We have a server (XY) and XY had a DHCP address, the IP Address was released and renewed and it now has a new DHCP generated IP address.

We would like to know what the previous IP address was, would SEP(M) have any way to find this information?

Should have been overritten by now..

No way 

Most likely, but I'd really like to track what it was. I guess I won't be able to.

Run the Computer Status Report from a day in the past...it's possible but unlikely...

Couldn't you find this by just checking the ARP cache of a machine that had connected previously but not since it got a new address?

I'm with _Brian on this one, finding out the old IP address from SEP is a bit of a long shot.

#EDIT#

You probably already knwo this, but it's arp -a from a command prompt btw

Overwritten...Oh well, thought I'd give it a shot...

bummer

Hi Bryan S,

If those servers have IPS on them, then the previous IP address may be in the "histroric IP" column of the NTP Attack log.

A screenshot of how to generate that report can be found in:

Two Reasons why IPS is a "Must Have" for your Network

https://www-secure.symantec.com/connect/articles/two-reasons-why-ips-must-have-your-network

Thank you, but none of our servers has NTP or PTP installed.