Musarathulla 0 Posted August 20, 2019 Share Posted August 20, 2019 Hi, Recently I found end users are getting duplicate IP addresses on the network notification, I have attached the snapshot for your easy reference. Meanwhile I have blocked the Subnet under ESET Security Management Center but seems it appearing again and again. Kindly advice Thank you Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted August 20, 2019 Administrators Share Posted August 20, 2019 You should avoid assigning the same IP address to multiple devices in your network. Are all configured to get the IP address automatically from a DHCP server? Link to comment Share on other sites More sharing options...
Hpoonis 7 Posted August 20, 2019 Share Posted August 20, 2019 IP range 169.254.x.x is a microsoft-provisioned DHCP address for nodes that cannot communicate with a valid DHCP server. So one has to ask why they are using them? Link to comment Share on other sites More sharing options...
Musarathulla 0 Posted August 20, 2019 Author Share Posted August 20, 2019 2 hours ago, Marcos said: You should avoid assigning the same IP address to multiple devices in your network. Are all configured to get the IP address automatically from a DHCP server? Thank you Marcos for your response, I don't have 169.254.x.x network in my environment but getting notification Link to comment Share on other sites More sharing options...
Musarathulla 0 Posted August 20, 2019 Author Share Posted August 20, 2019 15 minutes ago, Hpoonis said: IP range 169.254.x.x is a microsoft-provisioned DHCP address for nodes that cannot communicate with a valid DHCP server. So one has to ask why they are using them? The message is annoying some times so I've blocked this network in Eset security management center and deployed the policies to all users but still getting this message, Do my network compromise in anyways? what are other possible ways to block this network, Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted August 20, 2019 Administrators Share Posted August 20, 2019 Obviously you have devices with such IPs that collide. In case of duplicate IP addresses in a network you may encounter issues; it's important to notify the user when such situation occurs. Please enable advanced network protection logging under tools -> diagnostics, then wait until duplicate IP addresses are detected, then disable logging, collect logs with ESET Log Collector and provide me with the generated archive. Link to comment Share on other sites More sharing options...
web2wire 0 Posted August 29, 2019 Share Posted August 29, 2019 I get these all the time and I definitely don't have any actual duplicate IP addresses on my network. What seems to confuse ESET is when devices have more than one interface. So I have some NAS devices that have two network interfaces and if I plug a cable into both of them then I get the duplicate IP warnings continuously even though each interface has it's own MAC and IP address. Similarly I have a TV with both a wired and wireless network connection, again entirely different MAC and IP addresses, but I get duplicate IP addresses reported all the time for that, always reported as src and dest as both IP1 or IP2. I also get the odd ARP poisoning attack notification as well for the same IPs so I don't think ESET is very good at handling these kind of scenarios. I can't see an easy way of just telling ESET that these specific instances aren't real and to ignore any further occurrences. If anyone know's how to do that via the remote management UI I'd be grateful. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted August 29, 2019 Administrators Share Posted August 29, 2019 I assume you should be able to create IDS exceptions for the IP addresses used by devices with two network adapters. Link to comment Share on other sites More sharing options...
itman 1,742 Posted August 29, 2019 Share Posted August 29, 2019 The Eset firewall doesn't recognize the APIPA: https://www.pcmag.com/encyclopedia/term/37858/apipa assigned address range; i.e. 169.254.xxx.xxx. Personally, I think its a bug. In any case if the router or gateway is assigning APIPA addresses to devices, it is indicative of a problem with the DHCP server. Bigk 1 Link to comment Share on other sites More sharing options...
Stefano 0 Posted September 18, 2019 Share Posted September 18, 2019 Maybe your computer have two network adapter, maybe an ethernet and a wifi. Sometimes ESMC show the wrong ip, maybe you have a correctly wifi connection and a APIPA assigned to ethernet, in this case ESMC show the ethernet ip and not the wifi ip. I see this problem more times. Link to comment Share on other sites More sharing options...
DHC 0 Posted October 14, 2019 Share Posted October 14, 2019 Hi, I have the same problem. It showes ip addresses that don't exist. internal loop os some kind. Any ideas? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted October 14, 2019 Administrators Share Posted October 14, 2019 If you are able to reproduce it, enable advanced network protection logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging, collect logs with ESET Log Collector and upload the generated archive here. Link to comment Share on other sites More sharing options...
mxp 0 Posted October 14, 2019 Share Posted October 14, 2019 37 minutes ago, Marcos said: If you are able to reproduce it, enable advanced network protection logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging, collect logs with ESET Log Collector and upload the generated archive here. Having the same issue here. Attached era-diagnostic-logs too era-diagnostic-logs_2019-10-14_15-29-24.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,235 Posted October 14, 2019 Administrators Share Posted October 14, 2019 4 minutes ago, mxp said: Having the same issue here. Attached era-diagnostic-logs too era-diagnostic-logs_2019-10-14_15-29-24.zip 2.39 MB · 2 downloads In this case advanced network protection logging was not enabled in the Diagnostics section: Link to comment Share on other sites More sharing options...
itman 1,742 Posted October 14, 2019 Share Posted October 14, 2019 (edited) 1 hour ago, DHC said: Hi, I have the same problem. It showes ip addresses that don't exist. internal loop os some kind. Any ideas? If the IP addresses being shown fall into this range, 169.254.x.x, there is most likely a problem with the DHCP server on your gateway. If internal network addresses cannot be assigned via DHCP, Windows will assign temporary IP addresses in this range, 169.254.x.x. Edited October 14, 2019 by itman Link to comment Share on other sites More sharing options...
mxp 0 Posted October 14, 2019 Share Posted October 14, 2019 42 minutes ago, itman said: If the IP addresses being shown fall into this range, 169.254.x.x, there is most likely a problem with the DHCP server on your gateway. If internal network addresses cannot be assigned via DHCP, Windows will assign temporary IP addresses in this range, 169.254.x.x. in my case, the showed IP is "192.168.12.94" Link to comment Share on other sites More sharing options...
itman 1,742 Posted October 14, 2019 Share Posted October 14, 2019 36 minutes ago, mxp said: in my case, the showed IP is "192.168.12.94" Does this apply to your situation: https://forum.eset.com/topic/19424-duplicate-ip-addresses-on-network-cause-by-vpn-and-rdp/ mxp 1 Link to comment Share on other sites More sharing options...
mxp 0 Posted October 15, 2019 Share Posted October 15, 2019 17 hours ago, itman said: Does this apply to your situation: https://forum.eset.com/topic/19424-duplicate-ip-addresses-on-network-cause-by-vpn-and-rdp/ Thanks, i was able to sort out my problem with the provided link. Link to comment Share on other sites More sharing options...
Recommended Posts