new private network notification?

d_stroyer · October 27, 2011, 11:43pm

ok…so I have been using comodo for a little while now, but I saw something today that I wasn’t sure what it was. I usually just leave my computer running but last night I decided to suspend it. When i woke it up, I got an alert saying my computer was trying to connect to a new private network. So i wrote down the IP it gave me to check it out. I went to whatsmyip.com and saw what my IP was, which is different than what the alert showed. I typed in the IP address from my comodo alert and it just said it is a local IP address. I’m confused?

Radaghast · October 28, 2011, 12:32am

Can you tell us the IP address that was given when you received the notification, I’m guessing it may have started 169.254..?

doc_holliday · November 8, 2011, 5:41pm

(I hope posting on this thread doesn’t violate forum rules…first time poster)

I have a very similar situation, which I think may be tied to a rootkit infection.

OS: WinXP Pro SP3 / Comodo (free) firewall

“New Private Network 169.254.x4x.yx / 255.255.0.0”

What can be done about this or is it OK?

doc_holliday · November 8, 2011, 5:49pm

OK - maybe this is the answer:

"No worry. Your PC was simply temporarily unable to renew an ip public address with the DHCP server and the Windows feature of automatic private IP addressing (APIPA) assigned itself temporarily an address in the range 169.254... As soon as the DHCP server will be reachable, you’ll get a public IP address as usual.:

smithjw1982 · November 13, 2011, 6:53pm

d_stroyer,
The address your seeing, is it a 169.254.x.x address? If so see my comment to Doc. If it is a 127.x.x.x address that your loopback adapter (again nothing to worry about). If the address your seeing is something like 192.168.x.x or 10.x.x.x then its likely on your local network. Have you put any new devices on your network? Do you have a wireless network? If so, it is possible someone connected to your wireless network and attempted to communicate with your computer. Either scenario could cause Comodo to show up with that alert.

whatsmyip.com will show you your external or real IP address (assigned by your Internet Provider). If ipconfig shows a different IP than whatsmyip.com then you are likely sitting behind a router or other type of NATing device. If the IP address in ipconfig is the same as the IP address in the alert, you can safely disregard it. Otherwise, can you give us the first 2 octects (i.e. 192.168.x.x)

Doc,
Your correct that it is a APIPA address and I would not worry about it unless your seeing other alerts. You mentioned it maybe tied to a rootkit infection. What makes you think that? Are you seeing other alerts or other weird things happening to your computer?

doc_holliday · January 19, 2012, 11:13pm

Yes, I had rootkits, which I have since removed…