
Strange results - Is my network being hacked?


DavePeters

Technical User
Jun 13, 2003
30
GB
Hello, here's my setup.

D-Link DI-614+ Router - cable modem attached.
home1 = Win XP home - networked via cat 5 cable.
home2 = Win 98 SE - networked via cat 5 cable.

laptop = Win XP Laptop - networked via wireless card.

I set up my network a couple of weeks ago; I've enabled WEP encryption and MAC filtering, turned on the firewall, and granted access to all networked machines. I also updated the firmware.


My problem/question is: whenever I ping a machine, e.g. ping home1, I get a reply from 66.220.17.45 (even if the machine isn't switched on or plugged into the router!). If I ping home2 I get the same IP, and of course the IP should be in the range of 192.168.0.XXX. If I ping the machine I'm using (e.g. home1 pings home1) then I get a reply from the correct IP.

I've traced the IP and the hostname = 45.17.220.66.in-addr.arpa

I'm not sure if I'm being hacked? I would be grateful for ANY replies!


Thanks a lot

Dave
 
Check your HOSTS file.

It certainly does not sound as if you are getting hacked. What do the firewall logs say?
 
Thanks for the response bcastner, I just don't understand why the ping reply is from 66.220.17.45.

Here's what's in the firewall log:

Aug/13/2003 02:15:16 DHCP lease IP 192.168.0.101 to home1 00-10-DC-69-C2-42
Aug/13/2003 02:15:16 Target IP(255.255.255.255), Target Port(67) Packet Dropped
Aug/13/2003 02:15:16 Spoof IP(0.0.0.0), Spoof Port(68)
Aug/13/2003 02:15:16 Spoof Attack fromd MAC(00-10-DC-69-C2-42) Detect,
Aug/13/2003 02:09:12 SYN Flood Attack Detect Packet Dropped

THE SPOOF ATTACK FROM MAC 00-10-DC-69-C2-42 IS THE MAC ADDRESS OF THE WIN 98 MACHINE SO I DON'T KNOW WHY IT'S IN THE LOG.
 
This is typical of routers with SPI.
In this case it is identifying a DHCP broadcast as a flood attack.

You might see about tuning your SPI parameters.
 
So it's returning a wrong IP because of the SPI. OK, thanks a lot. I thought that it's a strange problem, as I pinged different machines and they returned the same IP.

Thank you bcastner, you're always helpful and it's much appreciated.
 
It certainly is blocking normal DHCP ack sequences from your own machines, which is why they are repeated.

That should be adjustable by specifying your own IP addresses as being secure or trusted. Somewhere it should let you have all traffic from 192.168.0.0 through 192.168.0.255 as acceptable traffic.

Your original thread though is curious, and you should check your HOSTS file found in c:\windows\systems32\etc
You can use notepad to examine the file. It really should be a bunch of comments about how to use the hosts file ending with one true entry for localhost 127.0.0.1 and that is all.

But click this link and tell me what your WAN IP is:
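
Added example, not part of the original thread: a small triage script for the router log excerpt posted above. It marks a "Spoof Attack" entry as benign when it has the shape of a DHCP client broadcast (source 0.0.0.0 port 68, target 255.255.255.255 port 67) and its MAC matches a DHCP lease in the same log. The function name, the verdict labels and the grouping of alert lines by shared timestamp are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines as posted in the thread (newest entry first).
SAMPLE_LOG = """\
Aug/13/2003 02:15:16 DHCP lease IP 192.168.0.101 to home1 00-10-DC-69-C2-42
Aug/13/2003 02:15:16 Target IP(255.255.255.255), Target Port(67) Packet Dropped
Aug/13/2003 02:15:16 Spoof IP(0.0.0.0), Spoof Port(68)
Aug/13/2003 02:15:16 Spoof Attack fromd MAC(00-10-DC-69-C2-42) Detect,
Aug/13/2003 02:09:12 SYN Flood Attack Detect Packet Dropped
"""

LINE = re.compile(r"^(\S+ \d\d:\d\d:\d\d) (.*)$")
LEASE = re.compile(r"DHCP lease IP (\S+) to (\S+) ([0-9A-Fa-f-]{17})")
TARGET = re.compile(r"Target IP\(([\d.]+)\), Target Port\((\d+)\)")
SPOOF = re.compile(r"Spoof IP\(([\d.]+)\), Spoof Port\((\d+)\)")
SPOOF_MAC = re.compile(r"Spoof Attack \w+ MAC\(([0-9A-Fa-f-]{17})\)")

def triage(log_text):
    """Return one verdict dict per 'Spoof Attack' event in the log."""
    leases = {}                 # MAC -> (hostname, leased IP)
    events = defaultdict(dict)  # timestamp -> fields of one alert (assumed grouping)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.groups()
        if (x := LEASE.search(msg)):
            leases[x.group(3).upper()] = (x.group(2), x.group(1))
        elif (x := TARGET.search(msg)):
            events[ts]["dst"] = (x.group(1), int(x.group(2)))
        elif (x := SPOOF_MAC.search(msg)):
            events[ts]["mac"] = x.group(1).upper()
        elif (x := SPOOF.search(msg)):
            events[ts]["src"] = (x.group(1), int(x.group(2)))
    verdicts = []
    for ts, ev in events.items():
        if "mac" not in ev:
            continue  # e.g. a dropped packet with no spoof alert attached
        # A client with no address yet broadcasts from 0.0.0.0:68 to 255.255.255.255:67.
        dhcp_shape = (ev.get("src") == ("0.0.0.0", 68)
                      and ev.get("dst") == ("255.255.255.255", 67))
        host = leases.get(ev["mac"])
        verdicts.append({
            "time": ts, "mac": ev["mac"], "host": host[0] if host else None,
            "verdict": "benign-dhcp" if dhcp_shape and host else "investigate",
        })
    return verdicts
```
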
 