Solved

Who's IP is this?

Posted on 2006-10-25
6
7,702 Views
Last Modified: 2012-05-05
ZoneAlarm security suite detected a new network with IP 169.254.0.0/255.255.0.0 and wants me to name it and pick a internet zone. Is this a IP my router gave to something on my network ( Im running DHCP with 3 workstations, print sever and network storage link )) or is this a remote computer trying to connect to my workgroup?
0
Comment
Question by:PSYCHOBETTY
6 Comments
 
LVL 54

Assisted Solution

by:b0lsc0tt
b0lsc0tt earned 240 total points
Comment Utility
PSYCHOBETTY,

That IP is one assigned automatically by your computer when it can't get one from a router/dhcp or from the computer's settings.  It is not an external computer and doesn't mean your computer is exposed, etc.  ZoneAlarm is just providing that message because it is a new "network."  However that IP is in the private, automatic assigned range and wouldn't even work in most intranets, much less for Internet use.

Let me know if you have any questions or need more information.

b0lsc0tt
0
 
LVL 43

Expert Comment

by:Steve Knight
Comment Utility
It is normally an APIPA address, an auto-assigned address given to your computer by itself when it can't get a DHCP address from the router.
0
 
LVL 24

Expert Comment

by:SunBow
Comment Utility
OTOH, if running own dhcp you should be aware of the exact addresses being used at all times. If it is not yours or know to you, then there is no need to permit it to be used, it could be a cheap but sly form of spyware or other malware.

Try IPConfig/all on the server and workstations to see, to ensure, that all are really on the same subnet. If it is this one then you'd better know. If it is not this one then you'd better know.

>  is this a remote computer trying to connect to my workgroup?

It could be a spyware (or other malware) attempting to get your help to get access to other machines
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 9

Expert Comment

by:dipopo
Comment Utility
169.254.x.x this address is DEFAULT for Limited or no connectivity issues. Meaning any device which has this IP assigned to it has not been able to receive one from DHCP. Check the connectivity of your devices to the internet and contact me for resolving this issue.
0
 
LVL 16

Accepted Solution

by:
The--Captain earned 260 total points
Comment Utility
From arin:

whois 169.254.0.0@whois.arin.net
[whois.arin.net]

OrgName:    Internet Assigned Numbers Authority
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   169.254.0.0 - 169.254.255.255
CIDR:       169.254.0.0/16
NetName:    LINKLOCAL
NetHandle:  NET-169-254-0-0-1
Parent:     NET-169-0-0-0-0
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    Please see RFC 3330 for additional information.
RegDate:    1998-01-27
Updated:    2002-10-14

OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:   Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org

OrgTechHandle: IANA-IP-ARIN
OrgTechName:   Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org

# ARIN WHOIS database, last updated 2006-10-24 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


From RFC 3330:

169.254.0.0/16 - This is the "link local" block.  It is allocated for
   communication between hosts on a single link.  Hosts obtain these
   addresses by auto-configuration, such as when a DHCP server may not
   be found.

So, some computer (probably a windoze box) assigned itself an IP since apparently it did not have a statically configured IP and was not able to receive an assignment via DHCP.

Cheers,
-Jon
0
 
LVL 54

Expert Comment

by:b0lsc0tt
Comment Utility
I'm glad that I could be one of those that helped you.  Thank you for the grade, the points and the fun question.

bol
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now