Solved

Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

Posted on 2016-07-29
10
88 Views
Last Modified: 2016-07-30
Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

I first received this message a few days ago:

"Another device is trying to connect to this network."

And then this message this morning:

"Windows has detected an IP address conflict. Another computer on this network has the same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log."

I live at a type of hotel facility now, and their network used to be very good about 6 months ago. But it is different now, much slower. This is in Thailand, where they gradually are implementing the same type of Big Firewall of China as they have in China. Could it have something to do with that?

My Windows is Windows 7 Home Premium, 64-bit.

I have a mobile USB internet also, and when I switched to that after having slow internet on the fixed line and had received the message "Another device is trying to connect to this network" immediately the speed became much faster and I could browse as normal.
0
Comment
Question by:hermesalpha
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 100 total points
ID: 41735382
It could.  If there are multiple events, multiple systems /firewall indication ip conflicts.

The more innocent is a misconfiguration where an ip that is dynamically distributed, was configured as static on one system

The conflict notice usually includes the MAC address of the system trying to bring the ip up.
An erroneous DHCP server or device with DHCP service incorrectly connected could lead to similar issues........
0
 

Author Comment

by:hermesalpha
ID: 41735389
The landlord doesn't know much about computers and networks; he had a new setup since I was here last time so that the routers get reset each 6 hours. Maybe some misconfiguration in this new setup.
0
 
LVL 1

Assisted Solution

by:wasimmm
wasimmm earned 150 total points
ID: 41735409
First thing I'd download a packet sniffer like wireshark and see what's really going on. Collect some logs of traffic where you are seeing these messages. Implement a local firewall (ipcop for example)  take control of your local traffic
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:hermesalpha
ID: 41735451
That sounds like a good thing to do wasimmm. I've been living at many different places in different countries, and in some cases I get the feeling that someone other is on my network. It's like its going back and forth: sometimes no problems, then sometimes very slow internet. It's different from virus or trojans where the internet constantly is slow and the cursor behaves strangely.
0
 
LVL 1

Expert Comment

by:wasimmm
ID: 41735467
What are the networks? Are You are using Ethernet socket in a hotel ? Some public internet or dsl with your own router?
0
 

Author Comment

by:hermesalpha
ID: 41735487
It's this normal setup, a router outside in the corridor which several apartments share, a main switch in the office of the landlord on the 1st floor. No own router, only connecting to the shared one outside in the corridor on the 2nd floor.

Don't know for sure the other details, but it behaves very differently from last time I was here, is taken down a few minutes each 6 hours and even in between that also.
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 250 total points
ID: 41735503
If the router is reset every 6 hours, the chances are it has assigned you an IP address with a "lease time" of greater than 12 hours. What happens with that is that your PC gets the IP address AND the details of the lease time from the router, and after 50% of the lease time it automatically checks and updates the IP.
If your lease time is 24 hours, you won't check again for 12 hours.
If the router has reset, it has lost the records of your IP address assignment and will happily give the same IP address to a different device.
I don't know why it is reset every 6 hours, but if that is the case the DNS lease time on the router should be set to a very low figure to allow for this
0
 

Author Closing Comment

by:hermesalpha
ID: 41735810
Thanks, it seems there shouldn't be too much to worry about then if Gareth's explanation is valid for this case.
0
 
LVL 1

Expert Comment

by:wasimmm
ID: 41736210
Well I dont think the reason for duplicate IP is due to the router re-assigning the same IP. Usually routers remember the MAC of the IP they assigned the IP to and even if the machine has gone offline, rarely would they give the same IP to a new MAC. As Arnold pointed out, it would seem someone is setting static IPs inside the network. Unmonitored local networks like this are great nuisance andand if your landlord hasnt put any security or QoS in place it could be the reason for the slow speeds and cutting off.

To keep  yourself safe make sure you have your firewall and security software enabled on your PC

As suggested I would download and run wireshark on your computer to take a deeper look at the traffic.
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41736211
Wasimmm, routers can't remember the MAC if they have been restarted.  That's the giveaway here, the router disappears every 6 hours.
I agree completely that you should always  on your machine, along with a/v and anti malware of course.
Wireshark is an indispensable tool, but only if you understand network traffic and packet analysis.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How do I remove / delete my personal information from a website? 9 93
How to take over, control, & secure a network 9 82
Access 2016 5 54
Creating a Vendor Admin user 23 55
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question