RE: [H] Server changes ip addy
did you by any chance set Internet connection sharing on the server ? this is the only thing I can see that would change the ip. fp At 01:12 PM 7/18/2007, DHSinclair Poked the stick with: >At 15:37 07/18/2007 -0400, you wrote: > >>Well by config I meant like how is your server configured? Static IP? > >For my home LAN the server has a static ip set in tcp/ip in the 10.0.0.x >series. > >>Static DHCP IP? > >I'll assume this happens when I dialup to my isp only. > >>Do you set your IP at start up or is it done via config >>(applies to linux only). > >the ip addy was set 2 years ago. changed it back in Feb 07 when doing >my prelims for broadband. no change since this past glitch. > >>But what did your IP change to? > >the ip addy changed to 192.168.0.1. > >>Have you lost >>connectivity from your ISP or from your networking hardware at all? > >No, never; unless I loose the phone service. And, even after the ip addy >changed, I was still able to dial out and connect to the www. got 3 vdef >updates from eset.com. > >The only way I stumbled on the problem is when I opened NetNeighborhood at >one of my LAN clients and saw that all the clients except "srv" was present. >Went back to "srv" and found its' ip addy changed! Most odd. >Best, >Duncan > > >> >> >>Thanks, >>-- >>Ali Mesdaq >>Security Researcher II >>Websense Security Labs >>http://www.WebsenseSecurityLabs.com >>-------------- >> >>-Original Message- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] On Behalf Of DHSinclair >>Sent: Wednesday, July 18, 2007 12:28 PM >>To: The Hardware List >>Subject: RE: [H] Server changes ip addy >> >>Ali, >>using win2k server os at sp4 and all current winUpdates. >>please explain "ip configuration your using"? >> >>on-board intel 82557 nic. original ip was 10.0.0.x/255.255.255.0. >>connection to www is via 56k dialup via courier external and DUN. >>HTH, >>Duncan >>At 13:12 07/18/2007 -0400, you wrote: >> >>>What OS, version, ip configuration your using, etc. >>> >>>Thanks, >>>-- >>>Ali Mesdaq >>>Security Researcher II >>>Websense Security Labs >>>http://www.WebsenseSecurityLabs.com >>>-- >>> >>>-Original Message- >>>From: [EMAIL PROTECTED] >>>[mailto:[EMAIL PROTECTED] On Behalf Of DHSinclair >>>Sent: Wednesday, July 18, 2007 10:05 AM >>>To: Hardware Group >>>Subject: [H] Server changes ip addy >>> >>>Is there some function in a server, or, some external malicious code >>>that can cause a server to change its' assigned ip address to some >>>other address? >>> >>>Somehow my server's ip addy got changed ~2200hrs last Monday and it >>>took me about 36hrs to find (stumble on actually!) the changed ip addy. >> >>>Very odd. >>> >>>The server is now changed back and scanned for virus/malware. None >>>found. >>>Best, >>>Duncan >>snip >> >> >>This email scanned for Viruses and Spam by ZCloud.net >> >> >> >> >>__ NOD32 2405 (20070718) Information __ >> >>This message was checked by NOD32 antivirus system. >>http://www.eset.com > > >This email scanned for Viruses and Spam by ZCloud.net -- Tallyho ! ]:8) Taglines below ! -- Remember, the paper is strongest at the perforations.
RE: [H] Server changes ip addy
At 15:37 07/18/2007 -0400, you wrote: Well by config I meant like how is your server configured? Static IP? For my home LAN the server has a static ip set in tcp/ip in the 10.0.0.x series. Static DHCP IP? I'll assume this happens when I dialup to my isp only. Do you set your IP at start up or is it done via config (applies to linux only). the ip addy was set 2 years ago. changed it back in Feb 07 when doing my prelims for broadband. no change since this past glitch. But what did your IP change to? the ip addy changed to 192.168.0.1. Have you lost connectivity from your ISP or from your networking hardware at all? No, never; unless I loose the phone service. And, even after the ip addy changed, I was still able to dial out and connect to the www. got 3 vdef updates from eset.com. The only way I stumbled on the problem is when I opened NetNeighborhood at one of my LAN clients and saw that all the clients except "srv" was present. Went back to "srv" and found its' ip addy changed! Most odd. Best, Duncan Thanks, -- Ali Mesdaq Security Researcher II Websense Security Labs http://www.WebsenseSecurityLabs.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DHSinclair Sent: Wednesday, July 18, 2007 12:28 PM To: The Hardware List Subject: RE: [H] Server changes ip addy Ali, using win2k server os at sp4 and all current winUpdates. please explain "ip configuration your using"? on-board intel 82557 nic. original ip was 10.0.0.x/255.255.255.0. connection to www is via 56k dialup via courier external and DUN. HTH, Duncan At 13:12 07/18/2007 -0400, you wrote: >What OS, version, ip configuration your using, etc. > >Thanks, >-- >Ali Mesdaq >Security Researcher II >Websense Security Labs >http://www.WebsenseSecurityLabs.com >-- > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of DHSinclair >Sent: Wednesday, July 18, 2007 10:05 AM >To: Hardware Group >Subject: [H] Server changes ip addy > >Is there some function in a server, or, some external malicious code >that can cause a server to change its' assigned ip address to some >other address? > >Somehow my server's ip addy got changed ~2200hrs last Monday and it >took me about 36hrs to find (stumble on actually!) the changed ip addy. >Very odd. > >The server is now changed back and scanned for virus/malware. None >found. >Best, >Duncan snip This email scanned for Viruses and Spam by ZCloud.net __ NOD32 2405 (20070718) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com This email scanned for Viruses and Spam by ZCloud.net
RE: [H] Server changes ip addy
Well by config I meant like how is your server configured? Static IP? Static DHCP IP? Do you set your IP at start up or is it done via config (applies to linux only). But what did your IP change to? Have you lost connectivity from your ISP or from your networking hardware at all? Thanks, -- Ali Mesdaq Security Researcher II Websense Security Labs http://www.WebsenseSecurityLabs.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DHSinclair Sent: Wednesday, July 18, 2007 12:28 PM To: The Hardware List Subject: RE: [H] Server changes ip addy Ali, using win2k server os at sp4 and all current winUpdates. please explain "ip configuration your using"? on-board intel 82557 nic. original ip was 10.0.0.x/255.255.255.0. connection to www is via 56k dialup via courier external and DUN. HTH, Duncan At 13:12 07/18/2007 -0400, you wrote: >What OS, version, ip configuration your using, etc. > >Thanks, >-- >Ali Mesdaq >Security Researcher II >Websense Security Labs >http://www.WebsenseSecurityLabs.com >-- > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On Behalf Of DHSinclair >Sent: Wednesday, July 18, 2007 10:05 AM >To: Hardware Group >Subject: [H] Server changes ip addy > >Is there some function in a server, or, some external malicious code >that can cause a server to change its' assigned ip address to some >other address? > >Somehow my server's ip addy got changed ~2200hrs last Monday and it >took me about 36hrs to find (stumble on actually!) the changed ip addy. >Very odd. > >The server is now changed back and scanned for virus/malware. None >found. >Best, >Duncan snip This email scanned for Viruses and Spam by ZCloud.net
RE: [H] Server changes ip addy
Ali, using win2k server os at sp4 and all current winUpdates. please explain "ip configuration your using"? on-board intel 82557 nic. original ip was 10.0.0.x/255.255.255.0. connection to www is via 56k dialup via courier external and DUN. HTH, Duncan At 13:12 07/18/2007 -0400, you wrote: What OS, version, ip configuration your using, etc. Thanks, -- Ali Mesdaq Security Researcher II Websense Security Labs http://www.WebsenseSecurityLabs.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DHSinclair Sent: Wednesday, July 18, 2007 10:05 AM To: Hardware Group Subject: [H] Server changes ip addy Is there some function in a server, or, some external malicious code that can cause a server to change its' assigned ip address to some other address? Somehow my server's ip addy got changed ~2200hrs last Monday and it took me about 36hrs to find (stumble on actually!) the changed ip addy. Very odd. The server is now changed back and scanned for virus/malware. None found. Best, Duncan snip This email scanned for Viruses and Spam by ZCloud.net
RE: [H] Server changes ip addy
What OS, version, ip configuration your using, etc. Thanks, -- Ali Mesdaq Security Researcher II Websense Security Labs http://www.WebsenseSecurityLabs.com -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of DHSinclair Sent: Wednesday, July 18, 2007 10:05 AM To: Hardware Group Subject: [H] Server changes ip addy Is there some function in a server, or, some external malicious code that can cause a server to change its' assigned ip address to some other address? Somehow my server's ip addy got changed ~2200hrs last Monday and it took me about 36hrs to find (stumble on actually!) the changed ip addy. Very odd. The server is now changed back and scanned for virus/malware. None found. Best, Duncan This email scanned for Viruses and Spam by ZCloud.net