Identical IP detection


Hello,

I have a client with an office of about 10 computers, and on most of them (except one) there's internet security installed.

All of them (except one that has Windows 10) have Windows 7 Pro x64 OS.

All the computers are connected via an Audio-Codec router, which also provides VoIP phone services for the office.

I also connected 2 routers as APs to cover the whole office with Wi-Fi (disabled DHCP and firewall and connected a LAN-to-LAN cable with static IP).

All computers are configured with static IPs and Google's DNS servers.

This network worked great for the past year without any glitches. In the past week one of the users called and asked about "Identical IP detected" that popped up on his computer. I remotely logged in to his computer and thought it was a router glitch, so I asked him to restart the main Audio-Codec router, but the problem kept coming.

I've changed his static IP, but his computer was given the "Identical IP detected" message, so I looked at the firewall log and went to the computer that was "attacking", ran a full in-depth scan and even changed his IP, but the previous user kept getting the "Identical IP detected" message, now from ANOTHER user on the network.

I tried the DNS FLUSH TOOL, but that didn't help.

For now, I just added 192.168.0.1/24 to the firewall "Known networks", which for now seems to stop the "attacks", but I think it's more than a patch, and I would like to see the reason for the internal "attack".

P.S. On this specific computer that started all of this, I couldn't choose "Ignore this message" when I wanted to change how the computer handles it. On other computers on the network I could change it.

Your help would be appreciated.

 

Thank you


Hi Itman,

Thank you for trying to help, but if you have noticed, I wrote:

"All computers are configured with static IPs and Google's DNS servers"

So release/renew won't help in this case.


  • Administrators

Please enable advanced firewall logging and reproduce the detection of identical IP addresses. Then disable logging, collect logs with ELC, upload the generated archive to a safe location and pm me a download link.


Hi Marcos,

 

I've enabled the advanced firewall logging, but it keeps showing a pop-up every minute or so saying that it is enabled and that I should not forget to turn it off.

Is there a way to produce non-annoying log collection?

The IP detection problem doesn't occur that often, and if I can't disable the log collection pop-up, I can't leave the collection on, because it is really annoying (more than the IP detection lol).


  • Administrators
58 minutes ago, fish72 said:

Is there a way to produce non-annoying log collection?

Currently that's not possible since enabling this option will generate huge firewall logs in the diagnostics folder and therefore advanced logging shouldn't be turned on for a long time.

I'll ask developers if it'd be possible to create and provide you with a special version of the firewall that would have advanced logging limited to the detection of identical IP addresses.


Thank you Marcos.

Maybe an option for time-limiting of logging can be added (x number of hours for example)

Edited by fish72

  • Administrators
2 hours ago, fish72 said:

Maybe an option for time-limiting of logging can be added (x number of hours for example)

That's not a good idea. If it was time limited, the log might not contain the valuable data that we need if logging was not stopped after an issue has manifested. On the other hand, extremely large logs would also be difficult, if not impossible, to process, e.g. if opening very large pcapng logs in Wireshark would take hours or if opening them would end up with memory exhaustion.


I understand and wasn't aware of such problems in log processing. Since yesterday I haven't heard from my client, so I hope that for now the problem is solved. I've logged into his secretary's computer and saw no firewall log messages. I will also remove the "known networks" which I've added to the complainer's computer, and will see if the IP duplication message returns.

There was an occasional worker whom I didn't know about until yesterday, who connected to the office's Wi-Fi, and whom I've asked to install the ESET Internet Security 30-day trial, because he was only using Windows 10 Defender and one of the IP duplication messages was from his IP address (I've identified it by his computer's name in the "Connected Home Monitor"). He will return to the office in about 2 weeks, and by then I will know if the problem was solved or not.

Anyway the help that you offer Marcos is great and I really appreciate it. It's so good to know that people at ESET care and also have a GREAT product.
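
An added example, not part of the original posts and not ESET code: one way to narrow down which devices are behind an "Identical IP detected" message on a static-IP network like the one in this thread. It assumes you have collected address sightings (for instance from ARP tables or a capture) as "time ip mac" lines; the assignment plan, MAC addresses and sightings below are constructed, and `find_conflicts` is a hypothetical helper.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (not from the thread): the planned static
# assignments and address sightings in the form "<time> <ip> <mac>".
STATIC_PLAN = {
    "192.168.0.21": "00:11:22:aa:00:21",
    "192.168.0.22": "00:11:22:aa:00:22",
    "192.168.0.23": "00:11:22:aa:00:23",
}
SIGHTINGS = """\
09:00:01 192.168.0.21 00:11:22:aa:00:21
09:00:02 192.168.0.22 00:11:22:AA:00:22
09:00:05 192.168.0.23 00:11:22:aa:00:23
09:14:40 192.168.0.22 66:77:88:bb:00:99
09:14:41 192.168.0.22 00:11:22:aa:00:22
09:20:00 10.0.0.5 66:77:88:bb:00:01
malformed line
"""

def find_conflicts(text, plan, network="192.168.0.1/24"):
    """Return {ip: [(mac, 'planned'|'unknown', first_seen), ...]} for every
    in-subnet IP that was claimed by more than one MAC address."""
    net = ipaddress.ip_network(network, strict=False)  # host bits allowed
    seen = defaultdict(dict)  # ip -> {mac: first_seen}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        when, ip, mac = parts[0], parts[1], parts[2].lower()
        try:
            if ipaddress.ip_address(ip) not in net:
                continue  # outside the office subnet
        except ValueError:
            continue  # not an IP address at all
        seen[ip].setdefault(mac, when)
    conflicts = {}
    for ip, macs in seen.items():
        if len(macs) > 1:
            conflicts[ip] = [
                (mac, "planned" if plan.get(ip) == mac else "unknown", when)
                for mac, when in sorted(macs.items(), key=lambda kv: kv[1])
            ]
    return conflicts

if __name__ == "__main__":
    for ip, claims in find_conflicts(SIGHTINGS, STATIC_PLAN).items():
        for mac, status, when in claims:
            print(f"{ip} claimed by {mac} ({status}) first seen {when}")
```

A MAC marked "unknown" is a device that is not in the static plan, which is the one to track down by its computer name.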
