?
Solved

Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

Posted on 2016-07-29
10
Medium Priority
?
204 Views
Last Modified: 2016-07-30
Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

I first received this message a few days ago:

"Another device is trying to connect to this network."

And then this message this morning:

"Windows has detected an IP address conflict. Another computer on this network has the same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log."

I live at a type of hotel facility now, and their network used to be very good about 6 months ago. But it is different now, much slower. This is in Thailand, where they gradually are implementing the same type of Big Firewall of China as they have in China. Could it have something to do with that?

My Windows is Windows 7 Home Premium, 64-bit.

I have a mobile USB internet also, and when I switched to that after having slow internet on the fixed line and had received the message "Another device is trying to connect to this network" immediately the speed became much faster and I could browse as normal.
0
Comment
Question by:hermesalpha
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 82

Assisted Solution

by:arnold
arnold earned 400 total points
ID: 41735382
It could.  If there are multiple events, multiple systems /firewall indication ip conflicts.

The more innocent is a misconfiguration where an ip that is dynamically distributed, was configured as static on one system

The conflict notice usually includes the MAC address of the system trying to bring the ip up.
An erroneous DHCP server or device with DHCP service incorrectly connected could lead to similar issues........
0
 
LVL 1

Author Comment

by:hermesalpha
ID: 41735389
The landlord doesn't know much about computers and networks; he had a new setup since I was here last time so that the routers get reset each 6 hours. Maybe some misconfiguration in this new setup.
0
 
LVL 1

Assisted Solution

by:wasimmm
wasimmm earned 600 total points
ID: 41735409
First thing I'd download a packet sniffer like wireshark and see what's really going on. Collect some logs of traffic where you are seeing these messages. Implement a local firewall (ipcop for example)  take control of your local traffic
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
LVL 1

Author Comment

by:hermesalpha
ID: 41735451
That sounds like a good thing to do wasimmm. I've been living at many different places in different countries, and in some cases I get the feeling that someone other is on my network. It's like its going back and forth: sometimes no problems, then sometimes very slow internet. It's different from virus or trojans where the internet constantly is slow and the cursor behaves strangely.
0
 
LVL 1

Expert Comment

by:wasimmm
ID: 41735467
What are the networks? Are You are using Ethernet socket in a hotel ? Some public internet or dsl with your own router?
0
 
LVL 1

Author Comment

by:hermesalpha
ID: 41735487
It's this normal setup, a router outside in the corridor which several apartments share, a main switch in the office of the landlord on the 1st floor. No own router, only connecting to the shared one outside in the corridor on the 2nd floor.

Don't know for sure the other details, but it behaves very differently from last time I was here, is taken down a few minutes each 6 hours and even in between that also.
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 1000 total points
ID: 41735503
If the router is reset every 6 hours, the chances are it has assigned you an IP address with a "lease time" of greater than 12 hours. What happens with that is that your PC gets the IP address AND the details of the lease time from the router, and after 50% of the lease time it automatically checks and updates the IP.
If your lease time is 24 hours, you won't check again for 12 hours.
If the router has reset, it has lost the records of your IP address assignment and will happily give the same IP address to a different device.
I don't know why it is reset every 6 hours, but if that is the case the DNS lease time on the router should be set to a very low figure to allow for this
0
 
LVL 1

Author Closing Comment

by:hermesalpha
ID: 41735810
Thanks, it seems there shouldn't be too much to worry about then if Gareth's explanation is valid for this case.
0
 
LVL 1

Expert Comment

by:wasimmm
ID: 41736210
Well I dont think the reason for duplicate IP is due to the router re-assigning the same IP. Usually routers remember the MAC of the IP they assigned the IP to and even if the machine has gone offline, rarely would they give the same IP to a new MAC. As Arnold pointed out, it would seem someone is setting static IPs inside the network. Unmonitored local networks like this are great nuisance andand if your landlord hasnt put any security or QoS in place it could be the reason for the slow speeds and cutting off.

To keep  yourself safe make sure you have your firewall and security software enabled on your PC

As suggested I would download and run wireshark on your computer to take a deeper look at the traffic.
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41736211
Wasimmm, routers can't remember the MAC if they have been restarted.  That's the giveaway here, the router disappears every 6 hours.
I agree completely that you should always  on your machine, along with a/v and anti malware of course.
Wireshark is an indispensable tool, but only if you understand network traffic and packet analysis.
0

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

You do not need to be a security expert to make the RIGHT security. You just need some 3D guidance, to help lay out an action plan to secure your business operations. It does not happen overnight. You just need to start now and do the first thin…
An Incident response plan is an organized approach to addressing and managing an incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question