Iana Ping Me Every Time I Plug The Line Into My Computer?



Every time I plug the LAN into my computer, "iana" will ping 255.255.255.255, which seems to be located on my computer, and the source is 172.24.1.*, where * is multiple hits at the same time. I don't know if this is normal, so I banned the range 172.16.0.0 to 172.31.255.255 in the firewall settings.

And it seems now that my DHCP is not working OK; my IP cannot be automatically assigned : (

Is it normal to receive ICMP from the addresses above?

PS: 1: How can I close 224.0.0.* communications on my computer? And keep 239.255.250 away from my ARP?

2: And if I saw a user like "spid" + number (the number changes) making a big operation list on the SQL server on my machine, in several minutes, but 3 or 5 times in 3 days, and saw some very, very unusual aggressive queries in the list, could I track back who the hell is "spid"?! I cannot copy out the log from my SQL; does this indicate that my computer is totally fried? Is it safe to ping the computer named spid? And why does my SQL log the computer name rather than its IP address?

3: Can I make my ARP list as clean as possible, i.e., leave only my gateway? Because strange things keep happening to my computer. Is it necessary for my DHCP server to appear in my ARP table? Because I was sending data to unknown addresses, maybe a router, maybe an ARP-tech-based LAN tool software, and maybe a virus-infected computer or even the virus, but I just want this not to happen.

And could it be possible that my DHCP server was infected by some virus? Look, the unknown user logged into my SQL many times, and this is not so funny. And what if this is not a human but a virus still on my machine or in the local network? And this is also why I am so eager to keep my ARP table as clean as possible : (

Link to post
Share on other sites
Every time I plug the LAN into my computer, "iana" will ping 255.255.255.255, which seems to be located on my computer, and the source is 172.24.1.*, where * is multiple hits at the same time. I don't know if this is normal, so I banned the range 172.16.0.0 to 172.31.255.255 in the firewall settings.

And it seems now that my DHCP is not working OK; my IP cannot be automatically assigned : (

Is it normal to receive ICMP from the addresses above?

255.255.255.255 is the local broadcast address. 172.16/12 is reserved for private use. Odds are that 255.255.255.255 'pings' are DHCP traffic and the source is your DHCP server. IOW, you filtered your own network.

PS: 1: How can I close 224.0.0.* communications on my computer? And keep 239.255.250 away from my ARP?

Filter multicast traffic and stick a Post-it on your monitor so you'll know what to undo.

2: And if I saw a user like "spid" + number (the number changes) making a big operation list on the SQL server on my machine, in several minutes, but 3 or 5 times in 3 days, and saw some very, very unusual aggressive queries in the list, could I track back who the hell is "spid"?!

"spid <number>" is probably a session ID. If this is MS SQL, you can use the sp_who stored procedure to look up the user and host associated with the session.

3: Can I make my ARP list as clean as possible, i.e., leave only my gateway? Because strange things keep happening to my computer.

ARP usually isn't responsible for strange things.

Is it necessary for my DHCP server to appear in my ARP table?

It's going to, regardless.

And could it be possible that my DHCP server was infected by some virus?

There's no reason to believe that it is, but, sure, it's possible.

Look, the unknown user logged into my SQL many times, and this is not so funny. And what if this is not a human but a virus still on my machine or in the local network?

Then you have another problem.

Link to post
Share on other sites
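As an added illustration of the sp_who suggestion in the reply above (not part of the original thread): on Microsoft SQL Server, these queries map a session ID to its login, client host name and client IP address. The session ID 57 is a constructed placeholder, and the dynamic management views assume SQL Server 2005 or later and a login with VIEW SERVER STATE permission.

```sql
-- Added example; not from the thread. Assumes Microsoft SQL Server 2005 or
-- later and a login with VIEW SERVER STATE permission.

-- 1. The procedure named in the reply: lists every session with its
--    spid, loginame, hostname and dbname.
EXEC sp_who;

-- 2. The same lookup for one session, plus the client IP address.
--    @spid = 57 is a constructed placeholder: use the number from the log.
--    host_name and program_name are supplied by the client and can be set
--    to anything; client_net_address is what the server saw on the wire.
DECLARE @spid int;
SET @spid = 57;

SELECT s.session_id,
       s.is_user_process,        -- 0 = internal server task, 1 = a login
       s.login_name,
       s.host_name,
       s.program_name,
       s.login_time,
       c.client_net_address,     -- '<local machine>' for shared memory
       c.auth_scheme
FROM sys.dm_exec_sessions AS s
LEFT JOIN sys.dm_exec_connections AS c
       ON c.session_id = s.session_id
WHERE s.session_id = @spid;

-- 3. What that session is executing right now (no rows if it is idle).
SELECT r.session_id, r.status, r.command, r.start_time, t.text AS sql_text
FROM sys.dm_exec_requests AS r
CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) AS t
WHERE r.session_id = @spid;
```

Session IDs are reused once a connection closes, so this identifies only a session that is still connected. A row with is_user_process = 0 is an internal server task rather than a login.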
255.255.255.255 is the local broadcast address. 172.16/12 is reserved for private use. Odds are that 255.255.255.255 'pings' are DHCP traffic and the source is your DHCP server. IOW, you filtered your own network.

It is an MS-SQL server and I do not know where the problem is, so I have banned my DHCP from pinging me. I am afraid that it brings in some other ARP address, and I think I am going to send packages to every ARP address in this table. Yet I cannot confirm if the SQL was injected by human hand or automated virus, and what if the virus takes advantage of the ARP table to spread? I am in a local network, and the computers are many. At least I need to confirm where the attack was launched, to know who I should put on the blacklist. I cannot just ban the whole world and sink all the data passing by. Even worse, I am thinking someone faked a set of servers in the local network to do unauthorised data interception, because if I understand correctly, our gateway should be well firewall-protected.

Link to post
Share on other sites
It is an MS-SQL server and I do not know where the problem is, so I have banned my DHCP from pinging me. I am afraid that it brings in some other ARP address.

Why are you afraid of that?

Yet I cannot confirm if the SQL was injected by human hand or automated virus

Have you considered the possibility that it's completely benign? Do you know what whatever it was was doing?

And what if the virus takes advantage of the ARP table to spread?

Nearly everything you can do on a network takes advantage of the ARP table.

At least I need to confirm where the attack was launched, to know who I should put on the blacklist.

You need to confirm that you've been attacked first.

Well, this is what happens: as soon as I allowed my DHCP to ping in, another address which seems to be in our local IP range pinged in too. So I got the "UNKNOWN OBJECT" in my ARP table. What the F..??

I have no idea what that means. What do you mean "ping in" and what are you using to view the ARP table?

Link to post
Share on other sites
Have you considered the possibility that it's completely benign? Do you know what whatever it was was doing?

So you are indicating the server should be accessed by someone, or something completely unknown to me, 5 times in 3 days? And the data should be modified? What if there is massive data inside this server? I am working with a non-safe tool to store my data? This is a PC, not a com or org server, which means there should not be a targeted visit. And this is what bothers me a lot.

Why are you afraid of that?

Well, when seeing 2 people coming up to you, one you already know and the second you do not know, without any official introduction, will you trust the second guy?

PS: You people all use Linux?

Edited by lantance
Link to post
Share on other sites
So you are indicating the server should be accessed by someone, or something completely unknown to me, 5 times in 3 days?

So you figured out what user owned the sessions you saw in the log?

And the data should be modified? What if there is massive data inside this server? I am working with a non-safe tool to store my data?

The server should be secured and backed up.

Well, when seeing 2 people coming up to you, one you already know and the second you do not know, without any official introduction, will you trust the second guy?

The ARP table maps layer 3 addresses onto layer 2 addresses. That's it. Having an entry in the table doesn't imply that a host is trusted.

PS: You people all use Linux?

Not everyone, no. In any case, I think everyone here uses Windows.

Link to post
Share on other sites
