under network intrusions it says there is 1.
application: windows operating sys
actionl blocked
source ip; 169.254.240.51
target: in
protocol;arp
source ip;169.254.240.51
destination 169.254.240.51
any information on this would be appreciated. My router ip is 192 not 169. was in connected to 169??? does this mean i was breached?
Computers use addresses starting with "169.154." when they do not have a manually configured address or when they are not told which address to use by a service on the network. They are commonly called the "link local" addresses. - http://who.is/whois-ip/ip-address/169.254.240.51/
This normally means your computer failed to lease and IP from a DHCP server for your network. For home network this is usually the job of the router.
under command prompt ipconfigall it shows the 192 ip i set my router to. is my computer still running under my protected internet, or am i using someone else’s port?
IP addresses in the 169.254.0.0-169.254.255.255 range are not public IP addresses, but instead reserved for Automatic Private IP Addressing (APIPA) addresses and like the above poster said are usually used when an IP address hasn’t been assigned by the DHCP server (your router).
The entries you’re seeing in your log file though, which are APR in from 169.254.240.51 to 169.254.240.51 is normal in Comodo Firewall V6. In fact you’ll probably see other similar entries, but with other local IP addresses in both the from and to fields (I.E. ARP in from 192.168.1.2 to 192.168.1.2, 192.168.1.3 to 192.168.1.3, etc).
Unfortunately, despite requesting a way to turn off logging for these requests some time ago, Comodo’s priority now-a-days seems to be concentrating on making the interface look pretty, rather than worrying about things like ‘functionallity’, therefore you’ll probably get lots of these entries in the network intrusions log file (especially if you have a few devices on your network), and you’ll just have to put up with it logging them for now.
If you look at the below screenshot you can see similar entries to yours.
[attachment deleted by admin]
Anabna is right - IP#s in that range are what network adapters usually assign themselves if you don’t specify an IP# for them manually or a DHCP server doesn’t assign one to them. They’re supposed to be unrouteable according to Internet Protcol.
I wonder if your computer has multiple network adapters. Maybe a wired and a wireless and you’re only using one at a time? Or you have something like Virtual Box or a VPN client installed that adds in its own virtual network adapter?
I’d expect an “ipconfig /all” to show you the adapter with the 169 address as well as the others.
very interesting, yet informative post. once again i see ‘‘2 network intrusions’’ one is from the 169.254 ip, while the other is my routers 192 ip.since you say it’s normal, i won’t worry. i dont know of any multiple cards or anything, i have a router, a modem, and a laptop :p.
ok i had another question. I just got another network intrusion. it was another ARP blocking. The source ip was my router 192.178.5.3 but the destination ip had a 1 at the end 192.178.5.1.00, but everything else except the 100 was the same.
what gives?
btw, at the same time im getting blocked intrusions(not network intrusions) of program files synaptics trying to access memory…and my internet is acting screwey.
thanks
192.178.5.3 isn’t your router, it’s a Google IP address.
192.178.5.1.00 isn’t a valid IP address, however if you mean 192.178.5.1 or 192.178.5.100, then that’s also a Google IP address (192.178.0.0 - 192.179.255.255 = Google).
Maybe worth you posting a screenshot, as I doubt they’re ARP logs.
I changed the default 192.168 ip when i set up the router. The number matches what is in default gateway when i go to ipconfigon cmmnd prompts.
Could you post the output of “ipconfig /all”
If you’re using public IP addresses locally that could cause issues.