I have a router that makes my LAN set up to the [10.0.0.0 - 10.0.0.255] range.
I believe 10.0.0.0 is the “ISP PC”, and 10.0.0.1 being my router itself.
A while ago, I suddenly got pop-ups from Comodo Firewall telling that there was a new private network available; 169.254.187.57.
At first I just told no, I don’t want to use it.
But I got curious after a while, so I started up Wireshark, and then when I checked the MAC address of the connection,
I saw that it was the one belonging to my neighbor’s laptop (I have given her the WPA password and added the MAC to the MAC filter of my router.)
So… the big question is… WHY does this happen?
She had been using my net for a long while before this.
It started happening… at least several months ago, maybe as much as a year.
It still continues even after she have bought a new laptop.
- almost at the bottom, in the DNS Record Analysis:
It says that fbt.com.tw has 3 different A records,
where the last of them is indeed one that belongs to a private network; 192.168.1.4
My pc’s local IP is 10.0.0.3, my neighbor’s local IP (on MY LAN, that is!) is 10.0.0.9.
After speculating a lot… I came up with a weird thought:
what if my neighbor’s IP at the time immediately after she turns on her laptop
(that is, before she has connected with the WiFi to my router and got her IP from it) is 192.168.1.4
…and that that IP is somewhat… “double-reversed” into 169.254.187.57…?
Like 192.168.1.4 = fbt.com.tw,
then fbt.com.tw = 169.254.187.57
After I clicked “No I don’t wanna use this new private network” I then got questions about
“svchost.exe is trying to receive a connection from the Internet”
- which was again this 169.254.187.57, and port 2869…
(Firewall Security Level = Custom Policy)
I have sat up “Media Streaming is on” in
Control Panel > All Control Panel Items > Network and Sharing Center > Advanced sharing settings
And, when my neighbor’s laptop have the correct 10.0.0.9 local IP assigned,
I also get a lot of those port 2869 connections from her.
So I have a rule for svchost.exe to accept port 2869 to/from all my local IP ranges;
0.0.0.0 and [10.0.0.0 - 10.0.0.255] and [127.0.0.0 - 127.0.0.255]
It’s not an annoyance for me anymore…
…I made global rules in Comodo Firewall, blocking connections from/to 169.254.187.57.
Still, I wonder why this happens?
Have any of you experience with this?