|
linksys router and ip 192.168.2.255
so my roomate and i have been using a linksys etherfast router for more than a year now (model BEFSR41) and through my sygate personal firewall pro logs, i discovered that my machine has been sending a huge amount of information to the ip 192.168.2.255. now i understand that this is a broadcast ip, but before very recently i was neither sending nor recieving information from this ip address. i was just wondering if and how this personal intranet ip could be hijacked from an external source and used to get information/attack computers on my home network. i updated the firmware of the router 3 days ago to prevent lan-side DoS exploits that i read about in a forum, but after reconfiguring my router these strange communications with 192.168.2.255 started. is there a problem, or am i just being paranoid?
|
.255 is the default location of where the router will send the log, if it is enabled. check that out.
|
First off, what is your IP address?
|
the log is being sent to my machine, i try to keep my network on lockdown. my ip? on the network, or my isp ip for my network?
|
network IP (start, run, cmd, ipconfig /all)
|
no idea which ip you wanted, so here's all the flow minus sensitive information
Windows IP Configuration Host Name . . . . . . . . . . . . : Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Unknown IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : launchmodem.com Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) Physical Address. . . . . . . . . : Dhcp Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IP Address. . . . . . . . . . . . : 192.168.2.101 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.1 DNS Servers . . . . . . . . . . . : 192.168.1.254 192.168.1.254 Lease Obtained. . . . . . . . . . : Tuesday, June 08, 2004 4:52:30 PM Lease Expires . . . . . . . . . . : Wednesday, June 09, 2004 4:52:30 PM |
Looks like your computer is broadcasting to your workgroup, but who know what.
I would make sure you have Anti-Virus with the latest virus defs installed and run a check. Also, you might want to get something like zone alarm and see if that will tell you what application is broadcasting. |
Now that you've broadcasted you IP, I sure hope you've changed the default admin password ;)
|
broadcasting my network ip isn't an issue, 192.168.x.x are reserved for private networks by one of those ip delegation peoples, i would imagine a bazillion or so people have the same one (ok, a bit of an exageration on the bazillion). plus, the default pass was already changed, and i cut everything out of the message that could be used to compromise my system
btw, i already have free avg, and ntoskernel.exe was the prog broadcasting from my pc and accepting info from 192.168.2.255 EDIT upon further research i found that the program broadcasting to 192.168.2.255 was ndisuio.sys, a driver used by the wireless configuration service built into xp. no idea why it was on, but i stopped it and haven't had anymore transmissions to the ip. thanks for the help |
| All times are GMT -8. The time now is 09:41 AM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
© 2002-2012 Tilted Forum Project