Solved

Why would ipconfig.exe try to access the internet - without me running the command? Is the PC/Router being attacked?

Posted on 2006-11-08
Last Modified: 2013-11-16
Today when I started my PC Norton Internet Security 2005 was not running. I switched off the router immediately. Norton said NIS needed activating - I was suspicious because I had renewed the subscription a couple of weeks ago with no problems and everything has been running fine.

The PC (Standalone - Windows XP professional) is kept up to date with all the virus and spyware (norton, spybot, adaware, AOL).

I switched the router back on and activated (again!); everything now seems OK. I did a Symantec and Shields Up scan and came out perfect (I am paranoid!). I then checked the Norton firewall log and I had the following from earlier on in the day:

"An instance of "C:\windows\system32\ipconfig.exe " is preparing to access the internet"

Why would ipconfig run itself? - it wasn't me! Does this indicate someone was trying to access the router config?

PS Just lately I have had a lot of file sharing blocked messages; are these related?

Please put my mind at rest or otherwise!

Lou



Question by:Louverril
LVL 24

Expert Comment

by:SunBow
ID: 17900661
It generally should not, but it is more informative with more options these days. I just checked mine, and all data is what should be local. If you did not do it, do you have anyone else? For minimum packet attempts, my best guess is it is attempting to renew a dhcp lease. How old is yours?
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17900670
C:\>ipconfig /?

USAGE:
    ipconfig [/? | /all | /renew [adapter] | /release [adapter] |
              /flushdns | /displaydns | /registerdns |
              /showclassid adapter |
              /setclassid adapter [classid] ]

where
    adapter         Connection name
                   (wildcard characters * and ? allowed, see examples)

    Options:
       /?           Display this help message
       /all         Display full configuration information.
       /release     Release the IP address for the specified adapter.
       /renew       Renew the IP address for the specified adapter.
       /flushdns    Purges the DNS Resolver cache.
       /registerdns Refreshes all DHCP leases and re-registers DNS names
       /displaydns  Display the contents of the DNS Resolver Cache.
       /showclassid Displays all the dhcp class IDs allowed for adapter.
       /setclassid  Modifies the dhcp class id.

The default is to display only the IP address, subnet mask and
default gateway for each adapter bound to TCP/IP.

For Release and Renew, if no adapter name is specified, then the IP address
leases for all adapters bound to TCP/IP will be released or renewed.

For Setclassid, if no ClassId is specified, then the ClassId is removed.

Examples:
    > ipconfig                   ... Show information.
    > ipconfig /all              ... Show detailed information
    > ipconfig /renew            ... renew all adapters
    > ipconfig /renew EL*        ... renew any connection that has its
                                     name starting with EL
    > ipconfig /release *Con*    ... release all matching connections,
                                     eg. "Local Area Connection 1" or
                                         "Local Area Connection 2"

C:\>
0
 
LVL 24

Accepted Solution

by:
SunBow earned 500 total points
ID: 17900765
DHCP Ports
http://www.iana.org/assignments/port-numbers
bootps           67/tcp    Bootstrap Protocol Server
bootps           67/udp    Bootstrap Protocol Server
bootpc           68/tcp    Bootstrap Protocol Client
bootpc           68/udp    Bootstrap Protocol Client
0

Author Comment

by:Louverril
ID: 17908205
Thank you Sunbow,

Yes I think it was probably trying to renew a lease - I can't be certain (the PC and router get turned off often twice a day) but I have been switching off the router and the PC and turning them on at the same time; this behaviour could have caused it to ask for a new lease - if the PC got there first??

Best regards, Lou
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17940280
IpConfig/All

From Dos prompt should give the start time of lease, near the bottom of the list. Leases often requested by any MS Windows at reboot. DHCP packets, OTOH are ever few and far between no matter what anyone else says about it - it is negligible traffic. So when you get a lot of 'hits' it should be something else being the cause.
0
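Added example (not part of the original thread): one way to check the explanation discussed above, by comparing the time of the firewall alert for ipconfig.exe with the "Lease Obtained" time reported by `ipconfig /all`. The sample output is constructed, and the US-English date format, the two-minute window and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of `ipconfig /all` output (US-English Windows XP layout);
# the adapter name, addresses and times are made up for illustration.
SAMPLE_IPCONFIG = """\
Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Ethernet Adapter
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Wednesday, November 08, 2006 8:02:11 AM
        Lease Expires . . . . . . . . . . : Thursday, November 09, 2006 8:02:11 AM
"""

# Matches the two lease lines, skipping the dotted padding before the colon.
FIELD = re.compile(r"^\s*(Lease Obtained|Lease Expires)[ .]*: (.+?)\s*$", re.M)
TIME_FORMAT = "%A, %B %d, %Y %I:%M:%S %p"  # assumption: US-English locale
# Path as it appears in the firewall log quoted in the question.
EXPECTED_IMAGE = r"c:\windows\system32\ipconfig.exe"


def parse_leases(text):
    """Return the lease timestamps found in `ipconfig /all` output."""
    return {k: datetime.strptime(v, TIME_FORMAT) for k, v in FIELD.findall(text)}


def classify_alert(image_path, alert_time, ipconfig_text,
                   window=timedelta(minutes=2)):
    """Decide whether a firewall alert for ipconfig.exe fits a DHCP lease."""
    # A copy of ipconfig.exe outside system32 is not the Windows binary.
    if image_path.strip().lower() != EXPECTED_IMAGE:
        return "unexpected path: inspect the file"
    obtained = parse_leases(ipconfig_text).get("Lease Obtained")
    if obtained is None:
        return "no DHCP lease recorded: cannot correlate"
    # The window (an assumption) allows for clock and logging delay.
    if abs(alert_time - obtained) <= window:
        return "consistent with DHCP lease request"
    return "no lease event near alert: investigate further"


if __name__ == "__main__":
    alert = datetime(2006, 11, 8, 8, 2, 40)  # constructed alert time
    print(classify_alert("C:\\windows\\system32\\ipconfig.exe ", alert,
                         SAMPLE_IPCONFIG))
```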
 

Author Comment

by:Louverril
ID: 17945846
Thanks Sunbow,

Tried this and the lease was obtained today when I switched on and it says it expires 24 hours from then. So it looks like it was Windows requesting a new lease.

Best regards
Lou
0
 
LVL 24

Expert Comment

by:SunBow
ID: 17948224
:-))
While you are at it, you might take last look at IpConfig and jot down the other packets needing to get through, in particular to the DNS servers (3), so that you can ensure all have a pathway through the routing filters and any firewalls. If you haven't yet, you might want to ping one just to see how that might get logged.

Ping -a <IpAddress>

- 'should' return the name of the server <IpName>
0
