LAN Connection Status


Hello there,

I had assigned a static IP to my LAN, but now I see it has changed to dynamic, which is weird since I did not change it. When I go to the properties of the LAN connection and select the Support tab, it says IP 10.0.0.2 and DG 10.0.0.1, which is what I had assigned as static. And in the General tab, the Received activity is just counting, I mean downloading, but I don't know what.
Please help. This server is behind a SonicWall TW210 appliance. I figured this out by chance when I was trying to Remote Desktop to this machine from my LAN machine and could not connect to this 10.0.0.2 machine from my LAN machine 192.168.0.135.

cheers
ZOlf
zolfAsked:

stergiumCommented:
Hello.
It seems that someone is tampering with your server. If you set up your server with a static IP (1 static IP) address, there is no way (not known to me at least) that it can change, except fake IPs (169.XXX.XXX.XXX), which don't stay forever.
Remove all your IP settings and set them up again. Check also who might be reconfiguring the computer...
Hope that helps.
0
xmlmagicianCommented:
I would suggest running some spyware etc. software just to be on the safe side.
0
zolfAuthor Commented:

No one knows the password of the server except me. I have again assigned the IPs and changed the password.
What spyware do I run on Windows Server 2003?
0
moon_blue69Commented:
Hi

10.0.0.2 is the IP address which you have assigned for the server.

You are trying to connect to it from 192.168.0.135, which is on a different network. Is there any routing taking place? If there is no routing then it is not supposed to work.

Correct me if I haven't understood your scenario. Activity will be there as there will be different activities on the cable; it's never meant to be idle.

When you go to the properties, does it say the IP is assigned dynamically? Go to the command prompt, type ipconfig /all and find the address of the DHCP server which is assigning the IP (if you suspect you are getting it dynamically). Now see if you can identify the DHCP server.

Please update here


0

xmlmagicianCommented:
@zolf Malwarebytes should be fine
0
zolfAuthor Commented:

>>You are trying to connect to it from 192.168.0.135 which is on a different network. Is there any routing taking place. If there is no routing then it is not supposed to work

This 10.0.0.2 server is in a DMZ, configured in the SonicWall to allow the two subnets to communicate with each other.

>>When you go to the properties, does it say the IP is assigned dynamically?
When I set up the server 10.0.0.2, I assigned it the static IP 10.0.0.2, but for some reason it was switched to dynamic, and I learnt about this by chance when I could no longer connect from my 192.168.0 subnet to this machine.

About the received: it is receiving data in 10,000 Bytes, so it means a lot of activity is going on.


1.txt
2.txt
0
zolfAuthor Commented:

This netstat is after running the malware app. There is a foreign IP in it. What is that?


111.txt
0
moon_blue69Commented:
Here it shows the IP address is configured statically

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA VT6105 Rhine III Compatible Fast Ethe
rnet Adapter #2
   Physical Address. . . . . . . . . : 00-22-B0-E2-C1-02
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 4.2.2.4

The IP geolookup gave the following information

http://www.ip-adress.com/ip_tracer/77.67.98.43

IP address: 77.67.98.43
IP country code: DE
IP address country: Germany
IP address state: n/a
IP address city: n/a
IP address latitude: 51.0000
IP address longitude: 9.0000
ISP of this IP: Tinet SpA
Organization: AKAMAI TECHNOLOGIES

Does this help you to identify anything?
0
moon_blue69Commented:
I would ask you to do the following.

Try configuring the IP address statically again. Please note the time.

Take a screenshot of ipconfig /all.

Check occasionally to see when the IP address changes again to dynamic.

Take a screenshot of ipconfig /all.

Now please go to Event Viewer and check for any suspicious events between the above noted time and now. Please update here.
0
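The before/after comparison of `ipconfig /all` captures described in the steps above can be done mechanically on saved text output. This is an added example, not part of the original thread: both captures are constructed (the first is modelled on the output quoted earlier, and the DHCP server address 10.0.0.254 is a made-up value), and `parse_ipconfig` and `dhcp_changes` are hypothetical helper names.

```python
import re

# Constructed capture, modelled on the `ipconfig /all` output quoted in the thread.
BEFORE = """\
Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA VT6105 Rhine III Compatible Fast Ethe
rnet Adapter #2
   Physical Address. . . . . . . . . : 00-22-B0-E2-C1-02
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Default Gateway . . . . . . . . . : 10.0.0.1
"""
# Constructed later capture: DHCP switched on; 10.0.0.254 is a made-up server address.
AFTER = BEFORE.replace(": No", ": Yes\n   DHCP Server . . . . . . . . . . . : 10.0.0.254")

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")       # unindented section header
FIELD = re.compile(r"^\s+([^.:]+?)[ .]*:\s*(.*)$")    # indented "Name . . . : value"

def parse_ipconfig(text):
    """Return {adapter name: {field: value}} from saved `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        m, f = ADAPTER.match(line), FIELD.match(line)
        if m:
            current, last = adapters.setdefault(m.group(1), {}), None
        elif f and current is not None:
            last = f.group(1).strip()
            current[last] = f.group(2).strip()
        elif line.strip() and current is not None and last:
            # Console-wrapped tail of the previous value (e.g. "rnet Adapter #2")
            current[last] += line.strip()
    return adapters

def dhcp_changes(before, after):
    """List adapters that were static in `before` and are DHCP-enabled in `after`."""
    old, new = parse_ipconfig(before), parse_ipconfig(after)
    findings = []
    for name, cfg in new.items():
        was = old.get(name, {}).get("DHCP Enabled")
        if was == "No" and cfg.get("DHCP Enabled") == "Yes":
            findings.append({"adapter": name,
                             "mac": cfg.get("Physical Address"),
                             "dhcp_server": cfg.get("DHCP Server")})
    return findings

if __name__ == "__main__":
    for hit in dhcp_changes(BEFORE, AFTER):
        print(hit)
```

The time window between the two captures is the range to search in Event Viewer, and the reported DHCP server address is the one to identify on the network.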