Re: Win XP IP address hijack?

[Dimitry Andric <dim () xs4all nl>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2001-12-14 at 23:03:14 Burton@SNS wrote:

BS> Historically for Microsoft's multiple-user operating systems (e.g.
BS> Windows NT and Windows 2K), those messages are in the event log,
BS> not a console alert.  Did you check there?

If you are logged in as an administrator, you will definitely get a
console alert, something like the following (on Win2k):

"Windows - System Error : The system has detected an IP address
conflict with another system on the network. Network operations on
this system may be disrupted as a result. More details are available
in the system event log. Consult your network administrator
immediately to resolve the conflict."

And an event log entry is indeed created, both for the above console
alert, and another one from the TCP/IP driver:

"The system detected an address conflict for IP address 192.168.0.1
with the system having network hardware address 12:34:56:78:9A:BC.
Network operations on this system may be disrupted as a result."

Note that this last log entry specifies the hardware address of the
conflicting machine.

Cheers,
- --
Dimitry Andric <dim () xs4all nl>
PGP Key: http://www.xs4all.nl/~dim/dim.asc
Fingerprint: 7AB462D2CE35FC6D42394FCDB05EA30A2E2096A3
Lbh ner abj va ivbyngvba bs gur QZPN

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i
Comment: http://www.gn.apc.org/duncan/stoa_cover.htm

iQA/AwUBPBp6MrBeowouIJajEQKNHACeMCEVHxhnPW8vrgX5KWku8Nmk3IsAniWh
xIMyof4vP6zCz72CoJJx6BCQ
=d2Ho
-----END PGP SIGNATURE-----