Solved

Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

Posted on 2016-07-29
10
84 Views
Last Modified: 2016-07-30
Does IP address conflict or attempt by other devices to connect to a network indicate intrusion attempts?

I first received this message a few days ago:

"Another device is trying to connect to this network."

And then this message this morning:

"Windows has detected an IP address conflict. Another computer on this network has the same IP address as this computer. Contact your network administrator for help resolving this issue. More details are available in the Windows System event log."

I live at a type of hotel facility now, and their network used to be very good about 6 months ago. But it is different now, much slower. This is in Thailand, where they gradually are implementing the same type of Big Firewall of China as they have in China. Could it have something to do with that?

My Windows is Windows 7 Home Premium, 64-bit.

I have a mobile USB internet also, and when I switched to that after having slow internet on the fixed line and had received the message "Another device is trying to connect to this network" immediately the speed became much faster and I could browse as normal.
0
Comment
Question by:hermesalpha
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 77

Assisted Solution

by:arnold
arnold earned 100 total points
ID: 41735382
It could.  If there are multiple events, multiple systems /firewall indication ip conflicts.

The more innocent is a misconfiguration where an ip that is dynamically distributed, was configured as static on one system

The conflict notice usually includes the MAC address of the system trying to bring the ip up.
An erroneous DHCP server or device with DHCP service incorrectly connected could lead to similar issues........
0
 

Author Comment

by:hermesalpha
ID: 41735389
The landlord doesn't know much about computers and networks; he had a new setup since I was here last time so that the routers get reset each 6 hours. Maybe some misconfiguration in this new setup.
0
 
LVL 1

Assisted Solution

by:wasimmm
wasimmm earned 150 total points
ID: 41735409
First thing I'd download a packet sniffer like wireshark and see what's really going on. Collect some logs of traffic where you are seeing these messages. Implement a local firewall (ipcop for example)  take control of your local traffic
0
 

Author Comment

by:hermesalpha
ID: 41735451
That sounds like a good thing to do wasimmm. I've been living at many different places in different countries, and in some cases I get the feeling that someone other is on my network. It's like its going back and forth: sometimes no problems, then sometimes very slow internet. It's different from virus or trojans where the internet constantly is slow and the cursor behaves strangely.
0
 
LVL 1

Expert Comment

by:wasimmm
ID: 41735467
What are the networks? Are You are using Ethernet socket in a hotel ? Some public internet or dsl with your own router?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 

Author Comment

by:hermesalpha
ID: 41735487
It's this normal setup, a router outside in the corridor which several apartments share, a main switch in the office of the landlord on the 1st floor. No own router, only connecting to the shared one outside in the corridor on the 2nd floor.

Don't know for sure the other details, but it behaves very differently from last time I was here, is taken down a few minutes each 6 hours and even in between that also.
0
 
LVL 5

Accepted Solution

by:
Gareth Tomlinson CISSP earned 250 total points
ID: 41735503
If the router is reset every 6 hours, the chances are it has assigned you an IP address with a "lease time" of greater than 12 hours. What happens with that is that your PC gets the IP address AND the details of the lease time from the router, and after 50% of the lease time it automatically checks and updates the IP.
If your lease time is 24 hours, you won't check again for 12 hours.
If the router has reset, it has lost the records of your IP address assignment and will happily give the same IP address to a different device.
I don't know why it is reset every 6 hours, but if that is the case the DNS lease time on the router should be set to a very low figure to allow for this
0
 

Author Closing Comment

by:hermesalpha
ID: 41735810
Thanks, it seems there shouldn't be too much to worry about then if Gareth's explanation is valid for this case.
0
 
LVL 1

Expert Comment

by:wasimmm
ID: 41736210
Well I dont think the reason for duplicate IP is due to the router re-assigning the same IP. Usually routers remember the MAC of the IP they assigned the IP to and even if the machine has gone offline, rarely would they give the same IP to a new MAC. As Arnold pointed out, it would seem someone is setting static IPs inside the network. Unmonitored local networks like this are great nuisance andand if your landlord hasnt put any security or QoS in place it could be the reason for the slow speeds and cutting off.

To keep  yourself safe make sure you have your firewall and security software enabled on your PC

As suggested I would download and run wireshark on your computer to take a deeper look at the traffic.
0
 
LVL 5

Expert Comment

by:Gareth Tomlinson CISSP
ID: 41736211
Wasimmm, routers can't remember the MAC if they have been restarted.  That's the giveaway here, the router disappears every 6 hours.
I agree completely that you should always  on your machine, along with a/v and anti malware of course.
Wireshark is an indispensable tool, but only if you understand network traffic and packet analysis.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Gmail Account risks 4 75
Getting EventID 4625 logon failures 18 106
Manual DNS and blocking mapped drives 8 88
Radius ASA Authentication Failed 4 53
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now