General discussion

Locked

IP Address Conflict/Causes by Hacking??

By vincentneo ·
Hi,

I wonder anyone can help.

The problem start a couple of week, with my internet start fail time to time (Getting more and more often). Start with error msg "IP Address Conflict", and i do check and even prevent that from happening using "Static IP Address" on every system on my network. It seem that is solve the problem but two things i discover:
1) My internet connection seem to slow down
2) One of my pc, once connect to the network, it would cause my internet to fail.

I read a couple of document on IP conflict, some mention it could be "Someone Hacking in my network".

Can anyone how to solve the following problem?

Thanks in advance

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

COULD BE SEVERAL SOURCES

by FluxIt In reply to IP Address Conflict/Cause ...

Certainly hacking is one of the possibilities. If a hack was occuring that would cause this kind of effect you'll want to investigate impostering or tunnelling techniques. Use some forensic tools and determine where which ip address is causing this and run a trace route on it.

Another possibility is that the IP is being used as a bogus IP from some handler and you may be get all the request it is stirring up. Are there any time trends on this issue?

Is the IP registered? Are you runninga NAT? Do you have a firewall, IDS, or silent runner on the network?

Also you'll want to purge all the router tables and flush the IP our of any caches. I would write a batch file and run it on login. Disconnect everyone after work and force them to login the next day.

Collapse -

Probably due more

by LordInfidel In reply to COULD BE SEVERAL SOURCES

to 2 systems having the same IP statically assigned to it.

Or if you are using dhcp, someone has assigned a static IP to themselves that belongs to the dhcp range.

Next time it happens, change the ip of your system to a different one.

Ping the ip in conflict.

From a command prompt check the arp table
arp -a

Look at the physical address' in the arp table.
The first few numbers will be the manufacture ID of the nic. Use that info to find the violating machine. Then you can look for machines with that brand of nic.

Or you can start up a packet sniffer, try to connect to the machine via ip
\\x.x.x.x
It should generate some netbios traffic and you can see what the machine name is.

Collapse -

by tbragsda In reply to IP Address Conflict/Cause ...

Look at this PC that you say "once connected... causes my internet to fail." I would bet on a bad NIC.

Replace the NIC and see what happens.

Were you using DHCP before? and what about the other questions, how about NAT?

Collapse -

Changing to static is only half...

by admin In reply to IP Address Conflict/Cause ...

you need to turn your DHCP server(s) off too. If you are going to run both, make sure you do a little planning and don't overlap ip's.

It's probably not "hacking".

:)

Back to IT Employment Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums