Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

I first received this message a few days ago:

"Another device is trying to connect to this network."

And then this message this morning:

"Windows has detected an IP address conflict. Another computer on this network has the same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log."

I live at a type of hotel facility now, and their network used to be very good about 6 months ago. But it is different now, much slower. This is in Thailand, where they gradually are implementing the same type of Big Firewall of China as they have in China. Could it have something to do with that?

My Windows is Windows 7 Home Premium, 64-bit.

I have a mobile USB internet also, and when I switched to that after having slow internet on the fixed line and had received the message "Another device is trying to connect to this network" immediately the speed became much faster and I could browse as normal.
LVL 1
hermesalphaAsked:
Who is Participating?
 
Gareth Tomlinson CISSPNetwork and Security ManagerCommented:
If the router is reset every 6 hours, the chances are it has assigned you an IP address with a "lease time" of greater than 12 hours. What happens with that is that your PC gets the IP address AND the details of the lease time from the router, and after 50% of the lease time it automatically checks and updates the IP.
If your lease time is 24 hours, you won't check again for 12 hours.
If the router has reset, it has lost the records of your IP address assignment and will happily give the same IP address to a different device.
I don't know why it is reset every 6 hours, but if that is the case the DNS lease time on the router should be set to a very low figure to allow for this
0
 
arnoldCommented:
It could.  If there are multiple events, multiple systems /firewall indication ip conflicts.

The more innocent is a misconfiguration where an ip that is dynamically distributed, was configured as static on one system

The conflict notice usually includes the MAC address of the system trying to bring the ip up.
An erroneous DHCP server or device with DHCP service incorrectly connected could lead to similar issues........
0
 
hermesalphaAuthor Commented:
The landlord doesn't know much about computers and networks; he had a new setup since I was here last time so that the routers get reset each 6 hours. Maybe some misconfiguration in this new setup.
0
Live Q & A: Securing Your Wi-Fi for Summer Travel

Traveling this summer? Join us on June 18, 2018 for a live stream to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
wasimmmCommented:
First thing I'd download a packet sniffer like wireshark and see what's really going on. Collect some logs of traffic where you are seeing these messages. Implement a local firewall (ipcop for example)  take control of your local traffic
0
 
hermesalphaAuthor Commented:
That sounds like a good thing to do wasimmm. I've been living at many different places in different countries, and in some cases I get the feeling that someone other is on my network. It's like its going back and forth: sometimes no problems, then sometimes very slow internet. It's different from virus or trojans where the internet constantly is slow and the cursor behaves strangely.
0
 
wasimmmCommented:
What are the networks? Are You are using Ethernet socket in a hotel ? Some public internet or dsl with your own router?
0
 
hermesalphaAuthor Commented:
It's this normal setup, a router outside in the corridor which several apartments share, a main switch in the office of the landlord on the 1st floor. No own router, only connecting to the shared one outside in the corridor on the 2nd floor.

Don't know for sure the other details, but it behaves very differently from last time I was here, is taken down a few minutes each 6 hours and even in between that also.
0
 
hermesalphaAuthor Commented:
Thanks, it seems there shouldn't be too much to worry about then if Gareth's explanation is valid for this case.
0
 
wasimmmCommented:
Well I dont think the reason for duplicate IP is due to the router re-assigning the same IP. Usually routers remember the MAC of the IP they assigned the IP to and even if the machine has gone offline, rarely would they give the same IP to a new MAC. As Arnold pointed out, it would seem someone is setting static IPs inside the network. Unmonitored local networks like this are great nuisance andand if your landlord hasnt put any security or QoS in place it could be the reason for the slow speeds and cutting off.

To keep  yourself safe make sure you have your firewall and security software enabled on your PC

As suggested I would download and run wireshark on your computer to take a deeper look at the traffic.
0
 
Gareth Tomlinson CISSPNetwork and Security ManagerCommented:
Wasimmm, routers can't remember the MAC if they have been restarted.  That's the giveaway here, the router disappears every 6 hours.
I agree completely that you should always  on your machine, along with a/v and anti malware of course.
Wireshark is an indispensable tool, but only if you understand network traffic and packet analysis.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.