Can malware change IP address on Windows XP machine

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have a network of seven Windows XP machines that all belong to the same
workgroup. As such, their IP addresses are in the same range (ie. 168.0.0.1
through 168.0.0.254). Several machines started dropping off the network
after an unauthorised user was allowed by one of the authorised users to use
her computer.

When I check the IP addresses of the machines that can no longer access the
network, they have been changed to be in the 168.0.1.1 through 168.0.1.254
range. Obvioulsy, they will not talk to the other machines on the network.

Even though the unauthorised user was only on one mavhine in the network,
could they have executed any malware on the network that would cause the IP
addresses of other macines on the network to change? If so, how can I stop
this from happening in the future?

Thanks!
 
I have a network of seven Windows XP machines that all belong to the same
workgroup. As such, their IP addresses are in the same range (ie. 168.0.0.1
through 168.0.0.254). Several machines started dropping off the network
after an unauthorised user was allowed by one of the authorised users to use
her computer.

When I check the IP addresses of the machines that can no longer access the
network, they have been changed to be in the 168.0.1.1 through 168.0.1.254
range. Obvioulsy, they will not talk to the other machines on the network.

Even though the unauthorised user was only on one mavhine in the network,
could they have executed any malware on the network that would cause the IP
addresses of other macines on the network to change? If so, how can I stop
this from happening in the future?

Thanks!
Click to expand...

The IP addresses that you listed aren't valid for use on a local area
network, and using them could block access to some Internet sites..
Instead of starting with 168.0, they should start with 192.168.

I suspect that there's an unauthorized DHCP server running on the
network. Some computers are getting their IP addresses from it, and
some are getting their IP addresses from the original, authorized DHCP
server. See if someone has connected an unauthorized broadband router
to the network.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Thank you for your help. I actually quoted the wrong IPs. They are in the
192.168.0 range. However, several of them are in the 192.168.1 range. I
have a router on the network and a wireless router on the network. Could
both be acting as DHCP servers? If so, how would I check.

Thank you!
 
laxman said:
Thank you for your help. I actually quoted the wrong IPs. They are
in the
192.168.0 range. However, several of them are in the 192.168.1 range.
I
have a router on the network and a wireless router on the network.
Could
both be acting as DHCP servers? If so, how would I check.
Click to expand...

Yes, and that's probably what's causing the issue. You will need to
disable DHCP on one of the devices. Go into either one's configuration
to do this. Most routers are accessed by typing their IP address into a
browser's addressbar from a computer that is wired into one of the
router's lan ports. Refer to the router manual for details. If you no
longer have the manual, go to the router mftr.'s website and read the
manual there.

Malke
 
Thank you for your help. I actually quoted the wrong IPs. They are in the
192.168.0 range. However, several of them are in the 192.168.1 range. I
have a router on the network and a wireless router on the network. Could
both be acting as DHCP servers? If so, how would I check.
Click to expand...

Run "ipconfig /all" on each computer, and compare the output.
<http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html>
http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html
 
Thank you for your help. I actually quoted the wrong IPs. They are in the
192.168.0 range. However, several of them are in the 192.168.1 range. I
have a router on the network and a wireless router on the network. Could
both be acting as DHCP servers? If so, how would I check.

Thank you!
Click to expand...

You're welcome!

Both routers are acting as DHCP servers, so the computers are getting
addresses in two different, incompatible IP address ranges.

Do you need both routers? If possible, remove the first router and
use only the wireless router.

That might not be possible. For example, the wireless router might
not have enough Ethernet ports, by itself, for all of the computers
that need wired connections. In that case, configure the wireless
router as a wireless access point and network switch, disabling its
routing capability:

1. Disable the wireless router's built-in DHCP server.

2. Change its LAN IP address to a value in the 192.168.0.x range, but
outside the pool of addresses assigned by the first router's DHCP
server. For example, if the first router assigns
192.168.0.2-192.168.0.100, use 192.168.0.254.

3. Connect the first router to a LAN port on the wireless router.
Don't connect anything to the WAN (Internet) port on the wireless
router.
--
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)

Please post any reply as a follow-up message in the news group
for everyone to see. I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.

Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com
 
Back
Top