Duplicate IP Addresses on the network

[Musarathulla 0]

Hi,

Recently I found end users are getting duplicate IP addresses on the network notification, I have attached the snapshot for your easy reference.

Meanwhile I have blocked the Subnet under ESET Security Management Center but seems it appearing again and again.  Kindly advice

 

Thank you

[Marcos 5,070]

You should avoid assigning the same IP address to multiple devices in your network. Are all configured to get the IP address automatically from a DHCP server?

[Hpoonis 7]

IP range 169.254.x.x is a microsoft-provisioned DHCP address for nodes that cannot communicate with a valid DHCP server.

So one has to ask why they are using them?

[Musarathulla 0]

2 hours ago, Marcos said:

You should avoid assigning the same IP address to multiple devices in your network. Are all configured to get the IP address automatically from a DHCP server?

Thank you Marcos for your response,

I don't have 169.254.x.x network in my environment but getting notification

[Musarathulla 0]

15 minutes ago, Hpoonis said:

IP range 169.254.x.x is a microsoft-provisioned DHCP address for nodes that cannot communicate with a valid DHCP server.

So one has to ask why they are using them?

The message is annoying some times so I've blocked this network in Eset security management center and deployed the policies to all users but still getting this message,

Do my network compromise in anyways?

what are other possible ways to block this network,

 

[Marcos 5,070]

Obviously you have devices with such IPs that collide. In case of duplicate IP addresses in a network you may encounter issues; it's important to notify the user when such situation occurs.

Please enable advanced network protection logging under tools -> diagnostics, then wait until duplicate IP addresses are detected, then disable logging, collect logs with ESET Log Collector and provide me with the generated archive.

[web2wire 0]

I get these all the time and I definitely don't have any actual  duplicate IP addresses on my network.

What seems to confuse ESET is when devices have more than one interface. So I have some NAS devices that have two network interfaces and if I plug a cable into both of them then I get the duplicate IP warnings continuously even though each interface has it's own MAC and IP address.

Similarly I have a TV with both a wired and wireless network connection, again entirely different MAC and IP addresses, but I get duplicate IP addresses reported all the time for that, always reported as src and dest as both IP1 or IP2. I also get the odd ARP poisoning attack notification as well for the same IPs so I don't think ESET is very good at handling these kind of scenarios.

I can't see an easy way of just telling ESET that these specific instances aren't real and to ignore any further occurrences. If anyone know's how to do that via the remote management UI I'd be grateful.

[Marcos 5,070]

I assume you should be able to create IDS exceptions for the IP addresses used by devices with two network adapters.

[itman 1,659]

The Eset firewall doesn't recognize the APIPA: https://www.pcmag.com/encyclopedia/term/37858/apipa assigned address range; i.e. 169.254.xxx.xxx. Personally, I think its a bug.

In any case if the router or gateway is assigning APIPA addresses to devices, it is indicative of a problem with the DHCP server.

[Stefano 0]

Maybe your computer have two network adapter, maybe an ethernet and a wifi. Sometimes ESMC show the wrong ip, maybe you have a correctly wifi  connection and a APIPA assigned to ethernet, in this case ESMC show the ethernet ip and not the wifi ip. I see this problem more times.

[DHC 0]

Hi,

 

I have the same problem. It showes ip addresses that don't exist.

internal loop os some kind.

Any ideas?

[Marcos 5,070]

If you are able to reproduce it, enable advanced network protection logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging, collect logs with ESET Log Collector and upload the generated archive here.

[mxp 0]

37 minutes ago, Marcos said:

If you are able to reproduce it, enable advanced network protection logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging, collect logs with ESET Log Collector and upload the generated archive here.

Having the same issue here. Attached era-diagnostic-logs too

era-diagnostic-logs_2019-10-14_15-29-24.zip

[Marcos 5,070]

4 minutes ago, mxp said:

Having the same issue here. Attached era-diagnostic-logs too

era-diagnostic-logs_2019-10-14_15-29-24.zip 2.39 MB · 2 downloads

In this case advanced network protection logging was not enabled in the Diagnostics section:

[itman 1,659]

1 hour ago, DHC said:

Hi,

I have the same problem. It showes ip addresses that don't exist.

internal loop os some kind.

Any ideas?

If the IP addresses being shown fall into this range, 169.254.x.x, there is most likely a problem with the DHCP server on your gateway. If internal network addresses cannot be assigned via DHCP, Windows will assign temporary IP addresses in this range, 169.254.x.x.

Edited October 14, 2019 by itman

[mxp 0]

42 minutes ago, itman said:

If the IP addresses being shown fall into this range, 169.254.x.x, there is most likely a problem with the DHCP server on your gateway. If internal network addresses cannot be assigned via DHCP, Windows will assign temporary IP addresses in this range, 169.254.x.x.

in my case, the showed IP is "192.168.12.94"

[itman 1,659]

36 minutes ago, mxp said:

in my case, the showed IP is "192.168.12.94"

Does this apply to your situation: https://forum.eset.com/topic/19424-duplicate-ip-addresses-on-network-cause-by-vpn-and-rdp/

[mxp 0]

17 hours ago, itman said:

Does this apply to your situation: https://forum.eset.com/topic/19424-duplicate-ip-addresses-on-network-cause-by-vpn-and-rdp/

Thanks, i was able to sort out my problem with the provided link.