• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 262
  • Last Modified:

LAN Connection Status


Hello there,

i had assigned static ip to my LAN,but now i see it is changed to dynamic which is weird,since i did not change it.when i go to the properties of the LAN Connection and select the Support Tab in there it says IP 10.0.0.2 and DG 10.0.0.1 which is what i had assigned as static. and in the General Tab,the Received Activity is just counting,i mean downloading but dont know what.
please help. this server is behand a sonicwall TW210 appliance. i figured this by chance when i was trying to Remote Desktop this machine from my LAN machine and I could not connect to this 10.0.0.2 machine from my lan machine 192.168.0.135

cheers
ZOlf
0
zolf
Asked:
zolf
  • 4
  • 3
  • 2
  • +1
3 Solutions
 
stergiumCommented:
hello.
it seems that someone is tampering with your server. If you set up you server with a static ip(1 static ip) address there is no way (not known to me at least) that  can change that . except fake ips (169.XXX.XXX.XXX) which  dont stay forever.
remove all your ip settings and set them up again. check also who might reconfiguring the computer...
hope that helps
0
 
xmlmagicianCommented:
i would suggest running some spyware etc software just to be on the safe side.
0
 
zolfAuthor Commented:

no one knows the password of th eserver except me. i have again assigned the ips and changed the password.
what spyware do i run on windows serer 2003
0
Shaping tomorrow’s technology leaders, today

The leading technology companies all recognize the growing need for gender diversity. Through its Women in IT scholarship program, WGU is working to reverse this trend by empowering more women to earn IT degrees and become tomorrow’s tech-industry leaders.  

 
moon_blue69Commented:
Hi

10.0.0.2 is the IP address which you have assigned for the server.

You are trying to connect to it from 192.168.0.135 which is on a different network. Is there any routing taking place. If there is no routing then it is not supposed to work.

Correct me if i havent understood your scenario. Activity will be there as there weill be different activities on the cable, its never meant to be idle

When you go to the properties, does it say the IP is assigned dynamically? Go to command prompt type ipconfig /all and find the address of the DHCP server which is assigning the IP(if you suspect you are getting it dynamic) now see if you identify the DHCP server.

Please update here


0
 
xmlmagicianCommented:
@zolf malwarebytes should be fine
0
 
zolfAuthor Commented:

>>You are trying to connect to it from 192.168.0.135 which is on a different network. Is there any routing taking place. If there is no routing then it is not supposed to work

this 10.0.0.2 server is in a DMZ,configured in the Sonicwall to allow the two subnets to communicate to each other.

>>When you go to the properties, does it say the IP is assigned dynamically?
when i setup the server 10.0.0.2,i assigned it static ip 10.0.0.2,but for some reason it was switched to dynamic and i learnt about this by change,when i could not connect anymore from my 192.168.0 subnet to this machine.

about the received,it is receiving data in 10,000 Bytes,so it means a lot of activity is going on.


1.txt
2.txt
0
 
zolfAuthor Commented:
0
 
zolfAuthor Commented:

this netstat is after running the malware app. there is an Foreign IP in it.what is that.


111.txt
0
 
moon_blue69Commented:
Here it showsI P address is configured statically

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VIA VT6105 Rhine III Compatible Fast Ethe
rnet Adapter #2
   Physical Address. . . . . . . . . : 00-22-B0-E2-C1-02
  DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.0.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.0.1
   DNS Servers . . . . . . . . . . . : 4.2.2.4

The IP geolookup gave the following information

http://www.ip-adress.com/ip_tracer/77.67.98.43

IP address [?]: 77.67.98.43 [Copy][Whois] [Reverse IP]  
IP country code: DE
IP address country: Germany
IP address state: n/a
IP address city: n/a
IP address latitude: 51.0000
IP address longitude: 9.0000
ISP of this IP [?]: Tinet SpA
Organization: AKAMAI TECHNOLOGIES

Does this help you to identify anything?
0
 
moon_blue69Commented:
I would ask you to do the following.

Try configuring the IP address statically again. Please note the time.

take a screen shot of the IP config /all

Check occassionally to see when the IP address changed again to dynamic

Take ss of ipconfig /all

Now please go to event viewer and check any suspicious event between the above noted time and now. Please update here
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now