Solved

Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

Posted on 2016-07-29
Last Modified: 2016-07-30
I first received this message a few days ago:

"Another device is trying to connect to this network."

And then this message this morning:

"Windows has detected an IP address conflict. Another computer on this network has the same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log."

I live at a type of hotel facility now, and their network used to be very good about 6 months ago. But it is different now, much slower. This is in Thailand, where they gradually are implementing the same type of Big Firewall of China as they have in China. Could it have something to do with that?

My Windows is Windows 7 Home Premium, 64-bit.

I have a mobile USB internet also, and when I switched to that after having slow internet on the fixed line and had received the message "Another device is trying to connect to this network" immediately the speed became much faster and I could browse as normal.
Question by:hermesalpha
10 Comments
 
LVL 76

Assisted Solution

by:arnold
arnold earned 100 total points
ID: 41735382
It could, if there are multiple events, multiple systems/firewalls indicating IP conflicts.

The more innocent explanation is a misconfiguration where an IP that is dynamically distributed was configured as static on one system.

The conflict notice usually includes the MAC address of the system trying to bring the IP up.
An erroneous DHCP server or device with DHCP service incorrectly connected could lead to similar issues.
0
 

Author Comment

by:hermesalpha
ID: 41735389
The landlord doesn't know much about computers and networks; he had a new setup since I was here last time so that the routers get reset every 6 hours. Maybe some misconfiguration in this new setup.
0
 
LVL 1

Assisted Solution

by:wasimmm
wasimmm earned 150 total points
ID: 41735409
First thing, I'd download a packet sniffer like Wireshark and see what's really going on. Collect some logs of traffic where you are seeing these messages. Implement a local firewall (IPCop, for example) and take control of your local traffic.
0
 

Author Comment

by:hermesalpha
ID: 41735451
That sounds like a good thing to do, wasimmm. I've been living at many different places in different countries, and in some cases I get the feeling that someone else is on my network. It's like it's going back and forth: sometimes no problems, then sometimes very slow internet. It's different from viruses or trojans, where the internet is constantly slow and the cursor behaves strangely.
0
 
LVL 1

Expert Comment

by:wasimmm
ID: 41735467
What are the networks? Are you using an Ethernet socket in a hotel? Some public internet or DSL with your own router?
0

Author Comment

by:hermesalpha
ID: 41735487
It's this normal setup, a router outside in the corridor which several apartments share, a main switch in the office of the landlord on the 1st floor. No own router, only connecting to the shared one outside in the corridor on the 2nd floor.

Don't know for sure the other details, but it behaves very differently from last time I was here, is taken down a few minutes every 6 hours and even in between that also.
0
 
LVL 5

Accepted Solution

by:Gareth Tomlinson CISSP
Gareth Tomlinson CISSP earned 250 total points
ID: 41735503
If the router is reset every 6 hours, the chances are it has assigned you an IP address with a "lease time" of greater than 12 hours. What happens with that is that your PC gets the IP address AND the details of the lease time from the router, and after 50% of the lease time it automatically checks and updates the IP.
If your lease time is 24 hours, you won't check again for 12 hours.
If the router has reset, it has lost the records of your IP address assignment and will happily give the same IP address to a different device.
I don't know why it is reset every 6 hours, but if that is the case the DNS lease time on the router should be set to a very low figure to allow for this.
0
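
The timing argument in the accepted answer, worked through as an added example (a constructed model, not code from the thread or from any router). It assumes that a reset wipes every lease record and that the client contacts the router only when it first obtains its DHCP lease and at each renewal at 50% of the lease time; `exposure_windows` and `exposed_hours` are hypothetical names.

```python
# Added example (constructed model, not from the thread): when can a router
# that forgets its lease table on reset hand a client's address to another device?
# Assumptions: the reset wipes all lease records; the client only contacts the
# router when it first gets the lease and at each renewal (50% of the lease time).

def exposure_windows(lease_h, reset_every_h, acquired_at_h, horizon_h):
    """Return (start, end) hour intervals in which the router has no record
    of the client's address although the client is still using it."""
    t1 = lease_h / 2.0
    # Client contact times: initial lease, then every T1, one past the horizon.
    contacts = [acquired_at_h]
    while contacts[-1] < horizon_h:
        contacts.append(contacts[-1] + t1)
    windows = []
    for last, nxt in zip(contacts, contacts[1:]):
        # First reset strictly after the client's last contact with the router.
        reset = (int(last // reset_every_h) + 1) * reset_every_h
        end = min(nxt, horizon_h)
        if reset < end:
            # From this reset until the next renewal the address looks free.
            windows.append((reset, end))
    return windows


def exposed_hours(windows):
    """Total length, in hours, of all exposure windows."""
    return sum(end - start for start, end in windows)


if __name__ == "__main__":
    # Resets every 6 hours as described in the thread; lease lengths are samples.
    for lease in (24, 1):
        w = exposure_windows(lease, 6, 1.25, 48)
        print(f"lease {lease:>2} h: {exposed_hours(w):.2f} h exposed "
              f"in {len(w)} windows over 48 h")
```

In this model a 24-hour lease leaves the address unrecorded for more than half of every two-day period, while a 1-hour lease shrinks each gap to the minutes between a reset and the next renewal.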
 

Author Closing Comment

by:hermesalpha
ID: 41735810
Thanks, it seems there shouldn't be too much to worry about then if Gareth's explanation is valid for this case.
0
 
LVL 1

Expert Comment

by:wasimmm
ID: 41736210
Well, I don't think the reason for the duplicate IP is the router re-assigning the same IP. Usually routers remember the MAC they assigned the IP to, and even if the machine has gone offline, rarely would they give the same IP to a new MAC. As Arnold pointed out, it would seem someone is setting static IPs inside the network. Unmonitored local networks like this are a great nuisance, and if your landlord hasn't put any security or QoS in place it could be the reason for the slow speeds and cutting off.

To keep yourself safe, make sure you have your firewall and security software enabled on your PC.

As suggested, I would download and run Wireshark on your computer to take a deeper look at the traffic.
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41736211
Wasimmm, routers can't remember the MAC if they have been restarted.  That's the giveaway here, the router disappears every 6 hours.
I agree completely that you should always  on your machine, along with a/v and anti malware of course.
Wireshark is an indispensable tool, but only if you understand network traffic and packet analysis.
0
