Zolf asked:

LAN Connection Status


Hello there,

I had assigned a static IP to my LAN, but now I see it has changed to dynamic, which is weird, since I did not change it. When I go to the properties of the LAN Connection and select the Support tab, it says IP 10.0.0.2 and DG 10.0.0.1, which is what I had assigned as static. And in the General tab, the Received activity is just counting, I mean downloading, but I don't know what.
Please help. This server is behind a SonicWall TW210 appliance. I figured this out by chance when I was trying to Remote Desktop to this machine from my LAN machine and I could not connect to this 10.0.0.2 machine from my LAN machine 192.168.0.135.

Cheers
Zolf

Zolf (ASKER)

No one knows the password of the server except me. I have again assigned the IPs and changed the password.
What spyware do I run on Windows Server 2003?
@zolf Malwarebytes should be fine

Zolf (ASKER)

>>You are trying to connect to it from 192.168.0.135 which is on a different network. Is there any routing taking place. If there is no routing then it is not supposed to work

This 10.0.0.2 server is in a DMZ, configured in the SonicWall to allow the two subnets to communicate with each other.

>>When you go to the properties, does it say the IP is assigned dynamically?
When I set up the server 10.0.0.2, I assigned it static IP 10.0.0.2, but for some reason it was switched to dynamic, and I learnt about this by chance, when I could not connect anymore from my 192.168.0 subnet to this machine.

About the received, it is receiving data in 10,000 bytes, so it means a lot of activity is going on.


1.txt
2.txt

Zolf (ASKER)

This netstat is after running the malware app. There is a foreign IP in it. What is that?


111.txt

moon_blue69

Here it shows the IP address is configured statically

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA VT6105 Rhine III Compatible Fast Ethernet Adapter #2
   Physical Address. . . . . . . . . : 00-22-B0-E2-C1-02
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 4.2.2.4

The IP geolookup gave the following information

http://www.ip-adress.com/ip_tracer/77.67.98.43

IP address: 77.67.98.43
IP country code: DE
IP address country: Germany
IP address state: n/a
IP address city: n/a
IP address latitude: 51.0000
IP address longitude: 9.0000
ISP of this IP: Tinet SpA
Organization: AKAMAI TECHNOLOGIES

Does this help you to identify anything?
I would ask you to do the following.

Try configuring the IP address statically again. Please note the time.

Take a screenshot of ipconfig /all

Check occasionally to see when the IP address changes again to dynamic

Take a screenshot of ipconfig /all

Now please go to Event Viewer and check for any suspicious events between the above noted time and now. Please update here
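
The periodic ipconfig /all check suggested above can be automated; the following is an added example, not part of the original thread. It parses saved ipconfig /all text and reports which fields left the static baseline. The function names are hypothetical, and the second snapshot is constructed to mirror the asker's case (same IP, but DHCP switched on).

```python
import re

# Expected static settings, copied from the ipconfig /all output quoted in this thread.
BASELINE = {"DHCP Enabled": "No", "IP Address": "10.0.0.2",
            "Subnet Mask": "255.255.255.0", "Default Gateway": "10.0.0.1"}
FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[ .]*:\s*(?P<val>.*)$")

def parse_ipconfig(text):
    """Parse `ipconfig /all` text into {adapter header: {field: value}}."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        indented, m = line[0].isspace(), FIELD.match(line)
        if indented and m and current is not None:
            last = m.group("key")
            current[last] = m.group("val").strip()
        elif not indented and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None and last:
            # Console-wrapped value (unindented) or an extra value such as a second DNS server.
            current[last] += (", " if indented else "") + line.strip()
    return adapters

def drift(text, adapter="Ethernet adapter Local Area Connection 2"):
    """Return {field: (expected, actual)} for every baseline field that changed."""
    fields = parse_ipconfig(text).get(adapter, {})
    return {k: (v, fields.get(k)) for k, v in BASELINE.items() if fields.get(k) != v}

# Static snapshot from the thread, including the console-wrapped Description line.
STATIC = """Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA VT6105 Rhine III Compatible Fast Ethe
rnet Adapter #2
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 4.2.2.4
"""
# Constructed snapshot (not from the thread): address unchanged, adapter now on DHCP.
AFTER = STATIC.replace(": No", ": Yes") + "   DHCP Server . . . . . . . . . . . : 10.0.0.1\n"

if __name__ == "__main__":
    from datetime import datetime
    for label, snap in (("thread snapshot", STATIC), ("constructed snapshot", AFTER)):
        print(datetime.now().isoformat(timespec="seconds"), label, drift(snap) or "matches baseline")
```

Run on a schedule against fresh ipconfig /all output, the timestamp of the first non-empty result narrows the window to search in Event Viewer.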