Tracking the Corporate Maze
[B]efore we could take reasonable measures, we needed to know which of our roughly 6,000 internal desktops was involved. The problem is that all of them appear to the public as that one IP address cited by the MPAA. That's because we use RFC 1918-compliant IP addresses via our DHCP servers. These are private IP addresses, reserved for internally routed devices. When these internal resources communicate with an outside entity, their IP addresses are translated to a single publicly addressable IP address.
To make matters worse, our DHCP leases expire every 48 hours, meaning that when those internal IP addresses expire every couple of days, most are likely assigned to someone else. We keep logs of IP address assignments, but not for very long, since they take up a lot of disk space. And by the time the MPAA's letter made it through the postal service and our mailroom and was delivered to the right department, several days had gone by.