06-08-2004, 08:37 AM | #1 (permalink) |
Psycho
Location: i live in the state of denial
|
linksys router and ip 192.168.2.255
so my roommate and i have been using a linksys etherfast router for more than a year now (model BEFSR41) and through my sygate personal firewall pro logs, i discovered that my machine has been sending a huge amount of information to the ip 192.168.2.255. now i understand that this is a broadcast ip, but before very recently i was neither sending nor receiving information from this ip address. i was just wondering if and how this personal intranet ip could be hijacked from an external source and used to get information/attack computers on my home network. i updated the firmware of the router 3 days ago to prevent lan-side DoS exploits that i read about in a forum, but after reconfiguring my router these strange communications with 192.168.2.255 started. is there a problem, or am i just being paranoid?
|
06-08-2004, 09:12 AM | #2 (permalink) |
I flopped the nutz...
Location: Stratford, CT
|
.255 is the default location of where the router will send the log, if it is enabled. check that out.
__________________
Until the 20th century, reality was everything humans could touch, smell, see, and hear. Since the initial publication of the charted electromagnetic spectrum, humans have learned that what they can touch, smell, see, and hear is less than one millionth of reality |
06-08-2004, 10:12 AM | #5 (permalink) |
I flopped the nutz...
Location: Stratford, CT
|
network IP (start, run, cmd, ipconfig /all)
06-08-2004, 01:00 PM | #6 (permalink) |
Psycho
Location: i live in the state of denial
|
no idea which ip you wanted, so here's all the flow minus sensitive information
Windows IP Configuration

   Host Name . . . . . . . . . . . . :
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : launchmodem.com
   Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
   Physical Address. . . . . . . . . :
   Dhcp Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.2.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.1.254
                                       192.168.1.254
   Lease Obtained. . . . . . . . . . : Tuesday, June 08, 2004 4:52:30 PM
   Lease Expires . . . . . . . . . . : Wednesday, June 09, 2004 4:52:30 PM
|
06-08-2004, 01:16 PM | #7 (permalink) |
"Officer, I was in fear for my life"
Location: Oklahoma City
|
Looks like your computer is broadcasting to your workgroup, but who knows what.
I would make sure you have Anti-Virus with the latest virus defs installed and run a check. Also, you might want to get something like zone alarm and see if that will tell you what application is broadcasting. |
06-09-2004, 07:59 AM | #9 (permalink) |
Psycho
Location: i live in the state of denial
|
broadcasting my network ip isn't an issue, 192.168.x.x are reserved for private networks by one of those ip delegation peoples, i would imagine a bazillion or so people have the same one (ok, a bit of an exaggeration on the bazillion). plus, the default pass was already changed, and i cut everything out of the message that could be used to compromise my system
btw, i already have free avg, and ntoskernel.exe was the prog broadcasting from my pc and accepting info from 192.168.2.255

EDIT upon further research i found that the program broadcasting to 192.168.2.255 was ndisuio.sys, a driver used by the wireless configuration service built into xp. no idea why it was on, but i stopped it and haven't had anymore transmissions to the ip. thanks for the help

Last edited by bacon_masta; 06-09-2004 at 10:24 AM..
|
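Added example, not part of any post in this thread: a Python sketch that takes the address and mask from the ipconfig output posted above, derives the subnet's broadcast address, and labels the destinations seen in firewall log lines. The log lines and their format are constructed for illustration (they are not Sygate's log layout), and the function names are hypothetical.

```python
import ipaddress
import re

# Address and mask as posted in the thread's ipconfig /all output.
IPCONFIG = """\
IP Address. . . . . . . . . . . . : 192.168.2.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

# Constructed log lines in a made-up format (not Sygate's real log layout).
SAMPLE_LOG = [
    "OUT UDP 192.168.2.101:138 -> 192.168.2.255:138",
    "OUT UDP 192.168.2.101:1030 -> 192.168.1.254:53",  # DNS server in the post
    "OUT UDP 192.168.2.101:68 -> 255.255.255.255:67",
    "OUT TCP 192.168.2.101:1050 -> 192.168.2.1:80",
    "OUT TCP 192.168.2.101:1045 -> 203.0.113.10:80",
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def field(text, label):
    """Value of one 'Label . . . : value' line of ipconfig output."""
    m = re.search(rf"^\s*{re.escape(label)}[ .]*:\s*(\S+)", text, re.M)
    if m is None:
        raise ValueError(f"{label!r} not found")
    return m.group(1)

def local_interface(text):
    """Build the host's interface (address plus network) from ipconfig text."""
    return ipaddress.ip_interface(
        f"{field(text, 'IP Address')}/{field(text, 'Subnet Mask')}")

def classify(dest, iface):
    """Label a destination relative to the local subnet."""
    addr = ipaddress.ip_address(dest)
    if addr == iface.network.broadcast_address:
        return "subnet broadcast"       # stays on the LAN segment
    if addr == ipaddress.ip_address("255.255.255.255"):
        return "limited broadcast"      # stays on the LAN segment
    if addr in iface.network:
        return "on-link host"
    if any(addr in n for n in RFC1918):
        return "private, other subnet"  # sent through the default gateway
    return "non-private, off-subnet"    # sent through the default gateway

def summarize(log_lines, iface):
    """Return (destination, label) for every log line with a '-> ip:port'."""
    dests = (re.search(r"->\s*([\d.]+):", line) for line in log_lines)
    return [(m.group(1), classify(m.group(1), iface)) for m in dests if m]
```

With the posted address and mask, 192.168.2.255 comes out as the broadcast address of 192.168.2.0/24, while the posted DNS server 192.168.1.254 falls outside that subnet.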