Jump to content

Duplicate IP Addresses on the network


Musarathulla
 Share

Recommended Posts

Hi,

Recently I found end users are getting duplicate IP addresses on the network notification, I have attached the snapshot for your easy reference.

Meanwhile I have blocked the Subnet under ESET Security Management Center but seems it appearing again and again.  Kindly advice

 

Thank you

ESET Error.jpg

Link to comment
Share on other sites

  • Administrators

You should avoid assigning the same IP address to multiple devices in your network. Are all configured to get the IP address automatically from a DHCP server?

Link to comment
Share on other sites

IP range 169.254.x.x is a microsoft-provisioned DHCP address for nodes that cannot communicate with a valid DHCP server.

So one has to ask why they are using them?

Link to comment
Share on other sites

2 hours ago, Marcos said:

You should avoid assigning the same IP address to multiple devices in your network. Are all configured to get the IP address automatically from a DHCP server?

Thank you Marcos for your response,

I don't have 169.254.x.x network in my environment but getting notification

Link to comment
Share on other sites

15 minutes ago, Hpoonis said:

IP range 169.254.x.x is a microsoft-provisioned DHCP address for nodes that cannot communicate with a valid DHCP server.

So one has to ask why they are using them?

The message is annoying some times so I've blocked this network in Eset security management center and deployed the policies to all users but still getting this message,

Do my network compromise in anyways?

what are other possible ways to block this network,

 

Link to comment
Share on other sites

  • Administrators

Obviously you have devices with such IPs that collide. In case of duplicate IP addresses in a network you may encounter issues; it's important to notify the user when such situation occurs.

Please enable advanced network protection logging under tools -> diagnostics, then wait until duplicate IP addresses are detected, then disable logging, collect logs with ESET Log Collector and provide me with the generated archive.

Link to comment
Share on other sites

  • 2 weeks later...

I get these all the time and I definitely don't have any actual  duplicate IP addresses on my network.

What seems to confuse ESET is when devices have more than one interface. So I have some NAS devices that have two network interfaces and if I plug a cable into both of them then I get the duplicate IP warnings continuously even though each interface has it's own MAC and IP address.

Similarly I have a TV with both a wired and wireless network connection, again entirely different MAC and IP addresses, but I get duplicate IP addresses reported all the time for that, always reported as src and dest as both IP1 or IP2. I also get the odd ARP poisoning attack notification as well for the same IPs so I don't think ESET is very good at handling these kind of scenarios.

I can't see an easy way of just telling ESET that these specific instances aren't real and to ignore any further occurrences. If anyone know's how to do that via the remote management UI I'd be grateful.

Link to comment
Share on other sites

  • Administrators

I assume you should be able to create IDS exceptions for the IP addresses used by devices with two network adapters.

Link to comment
Share on other sites

The Eset firewall doesn't recognize the APIPA: https://www.pcmag.com/encyclopedia/term/37858/apipa assigned address range; i.e. 169.254.xxx.xxx. Personally, I think its a bug.

In any case if the router or gateway is assigning APIPA addresses to devices, it is indicative of a problem with the DHCP server.

Link to comment
Share on other sites

  • 3 weeks later...

Maybe your computer have two network adapter, maybe an ethernet and a wifi. Sometimes ESMC show the wrong ip, maybe you have a correctly wifi  connection and a APIPA assigned to ethernet, in this case ESMC show the ethernet ip and not the wifi ip. I see this problem more times.

Link to comment
Share on other sites

  • 4 weeks later...

Hi,

 

I have the same problem. It showes ip addresses that don't exist.

internal loop os some kind.

Any ideas?

Link to comment
Share on other sites

  • Administrators

If you are able to reproduce it, enable advanced network protection logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging, collect logs with ESET Log Collector and upload the generated archive here.

Link to comment
Share on other sites

37 minutes ago, Marcos said:

If you are able to reproduce it, enable advanced network protection logging in the advanced setup -> tools -> diagnostics, reproduce the detection, disable logging, collect logs with ESET Log Collector and upload the generated archive here.

Having the same issue here. Attached era-diagnostic-logs too

era-diagnostic-logs_2019-10-14_15-29-24.zip

Link to comment
Share on other sites

  • Administrators
4 minutes ago, mxp said:

Having the same issue here. Attached era-diagnostic-logs too

era-diagnostic-logs_2019-10-14_15-29-24.zip 2.39 MB · 2 downloads

In this case advanced network protection logging was not enabled in the Diagnostics section:

image.png

Link to comment
Share on other sites

1 hour ago, DHC said:

Hi,

I have the same problem. It showes ip addresses that don't exist.

internal loop os some kind.

Any ideas?

If the IP addresses being shown fall into this range, 169.254.x.x, there is most likely a problem with the DHCP server on your gateway. If internal network addresses cannot be assigned via DHCP, Windows will assign temporary IP addresses in this range, 169.254.x.x.

Edited by itman
Link to comment
Share on other sites

42 minutes ago, itman said:

If the IP addresses being shown fall into this range, 169.254.x.x, there is most likely a problem with the DHCP server on your gateway. If internal network addresses cannot be assigned via DHCP, Windows will assign temporary IP addresses in this range, 169.254.x.x.

in my case, the showed IP is "192.168.12.94"

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...