NewbiefromNJ 0 Posted September 25, 2020 Share Posted September 25, 2020 Hello, I have many computers, mobile devices and IOT devices in my home, but the two Windows 10 laptops that have ESET Smart Security (v13.2.18.0 as of this writing) continue to both receive the same notifications: Network Event Blocked. Duplicate IP on Network. A Computer (169.254.1.1) on the network is sending malicious traffic. This can be an attempt to attack your computer. Remote address: 169.254.1.1. Continue Blocking / Allow Could someone please help me troubleshoot this and get to the root of the issue? Is this an ESET issue or is there really something wrong with my network. I have other devices with different security software, yet none of them show any errors at all. My network does not have a device with this IP address. Google search states IP address 169.254. 1.1 is likely assigned by the host itself. This occurs when a Windows machine has been configured for DHCP but for whatever reason are unable to contact the DHCP server. Microsoft term for this is Automatic Private Internet Protocal Addressing (APIPA). ISP: Xfinity (Comcast) Modem: Purchased my own. Netgear Nighthawk CM1150V (compatible w/ Xfinity) Mesh Network: (1) Synology RT2600ac Mesh Wi-Fi router with (2) Synology MR2200ac additional Wi-Fi Points extending coverage. DHCP server: enabled IPv6: enabled and setup as DHCPv6-PD I can provide any logs and/or information you may need. The Synology router management system is ridiculously easy to configure and it currently states my network is healthy with no issues. Thanks in advance! Link to comment Share on other sites More sharing options...
itman 1,746 Posted September 26, 2020 Share Posted September 26, 2020 (edited) 14 hours ago, NewbiefromNJ said: My network does not have a device with this IP address. Google search states IP address 169.254. 1.1 is likely assigned by the host itself. This occurs when a Windows machine has been configured for DHCP but for whatever reason are unable to contact the DHCP server. Microsoft term for this is Automatic Private Internet Protocal Addressing (APIPA). ISP: Xfinity (Comcast) Modem: Purchased my own. Netgear Nighthawk CM1150V (compatible w/ Xfinity) Mesh Network: (1) Synology RT2600ac Mesh Wi-Fi router with (2) Synology MR2200ac additional Wi-Fi Points extending coverage. DHCP server: enabled IPv6: enabled and setup as DHCPv6-PD The issue here lies with how you have set up the Xfinity (cable modem I assume) connection to Netgear router. To begin, DHCP controls the assignment of DNS servers within your network. If DHCP cannot complete this assignment successfully, it will revert to assignment of an address within the APIPA IP address range, 169.254.xxx.xxx, as the assigned DNS server. Note that APIPA addresses are internal IP addresses and are not externally rout-able. DHCP will also keep trying to assign a DNS server IP address periodically. I would begin by consulting with Comcast or their applicable documentation that you have properly set up their provided modem to interface with the Netgear router. In most instances, this involves setting the modem to "bridge" or pass through mode allowing all incoming network traffic to pass unimpeded to the Netgear router. Edited September 26, 2020 by itman Link to comment Share on other sites More sharing options...
itman 1,746 Posted September 26, 2020 Share Posted September 26, 2020 (edited) According to this: https://www.xfinity.com/support/articles/broadband-gateways-userguides , Comcast issues hybrid cable modem plus routers/gateways; not modems. So again, it is crucial all network traffic is passing unimpeded through the Comcast router to the Netgear router. Also, it appears Comcast allows you to use your own router versus theirs. Is that what you are doing? If so, it must be properly configured to connect to Comcast network DNS servers. Some info on the DHCP handshake processing that I believe will be helpful. All routers have a dedicated firmware area locally referred to as a IPv4 and if supported, an IPv6 DNS server. When entering "Ipconfig /all" from a command line prompt window, this IP address shows in the DNS Server area displayed. Of note is this is not a real DNS server but rather a high speed cache area that contains resolved DNS IP address to domain name data. The actual DNS resolution is being performed on the ISP DNS servers or if so configured, third party DNS servers. This data is then downloaded to the local device DNS server; i.e. memory cache, area. During the DHCP handshake processing performed at system startup and/or user sign on time, network connection linkage is established between the local device "DNS server/s" and the ISP or third party DNS servers. Edited September 26, 2020 by itman Link to comment Share on other sites More sharing options...
NewbiefromNJ 0 Posted September 26, 2020 Author Share Posted September 26, 2020 Thank you so much for taking the time to help me! I reviewed your recommendations and I have confirmed that Netgear CM series model modems are only modems. My modem is a Netgear Nighthawk CM1150v. So no bridge mode. The modem has No built-in router like functions like the C series modems. That's a great thing... as it helps with my process of illimitation. On to the router. So then this means that I now simply need to confirm that my router is properly configured to connect to Comcast network DNS servers, correct? I will start doing my research to see what Comcast DNS servers in Jersey are. Link to comment Share on other sites More sharing options...
itman 1,746 Posted September 27, 2020 Share Posted September 27, 2020 14 hours ago, NewbiefromNJ said: On to the router. So then this means that I now simply need to confirm that my router is properly configured to connect to Comcast network DNS servers, correct? Yes. The Synology router must be properly setup. In this setup video for it: https://www.synology.com/en-us/products/RT2600ac , there is a section showing DHCP settings and the like. This is the area you need to concentrate on. When the ISP provides the router, DHCP is preconfigured including the IP addresses for the ISP DNS servers. Link to comment Share on other sites More sharing options...
Helpme 0 Posted September 28, 2020 Share Posted September 28, 2020 I'm getting these notifications as well and am completely tech illiterate about the suggestions above. Can I ignore these notifications, or is my computer performance being impacted by how Eset is trying to handle it? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,250 Posted September 28, 2020 Administrators Share Posted September 28, 2020 1 hour ago, Helpme said: I'm getting these notifications as well and am completely tech illiterate about the suggestions above. Can I ignore these notifications, or is my computer performance being impacted by how Eset is trying to handle it? You should find out which devices have duplicate IP addresses and then determine the reason. Do they both have automatic IP address assignment by a DHCP server enabled or they have static IP addresses set? Link to comment Share on other sites More sharing options...
itman 1,746 Posted September 28, 2020 Share Posted September 28, 2020 1 hour ago, Helpme said: I'm getting these notifications as well Are you receiving this notification? Network Event Blocked. Duplicate IP on Network. A Computer (169.254.1.1) on the network is sending malicious traffic. This can be an attempt to attack your computer. Remote address: 169.254.1.1. Continue Blocking / Allow Link to comment Share on other sites More sharing options...
Recommended Posts