Unknown IP addresses

Hope this is easy (and hope this is the right place). Comodo 5.3.181415.1237 / Vista 32 Home Premium
Have had Comodo for a while and it has worked pretty well.
In the last 2-3 days I have received popups from Comodo telling me a new network has been found (I think that’s what it says), and asks me for a response.
Two of those IPs are 192.168.16.1 and 169.254.13.150. My modem is 192.168.1.xxx. One of these, I think, is associated with my cell.
I have searched for these IPs and found nothing. Any way to determine what these IPs are and if I can “Allow?”

192.168.16.1 I assume is your PC?

Addresses in 169.254.0.1 - 169.254.254.255 are assigned by APIPA. When DHCP has problems assigning an internal IP address, it will assign an IP address in the APIPA range. I assume that is your cell phone? I have never connected a cell phone through my PC but I would imagine that you’re going to have to assign a static IP address to it to bypass any DHCP activity.

Best thing to do is run this command ipconfig /all from a command prompt window and post your results. For security reasons, please change any shown MAC addresses to 00-00-00-00-00-00 or eliminate them altogether.

Sorry for going off topic, but what’s wrong with posting a MAC address publicly? Sure it’s unique, but what information could possibly be gleaned from knowing it?

"Hide your MAC Address from hackers, government agencies, your ISP, WiFi networks, online games, and more! Anyone with the right tools can track your Internet activity if they know your MAC Address. Public Wireless Access Points are all over, some less secure than others. Every time you open your laptop, it automatically attempts to contact to wireless networks, regardless if you use WEP/WPA Encryption. Fool MAC-based ACLs (Access Control Lists) by cloning the MAC address of a computer that is already authorized to use a WiFi network. Don’t let your MAC Address to get out in the open"

MAC address exploits require the attacker to be on the same network as the machine to be exploited. As the OP appears to be behind some kind of router, this is unlikely.

Whilst it is possible to retrieve the MAC address remotely, certain vulnerabilities need to exist in the router or other gateway device for these methods to be used.

Whilst it is possible to retrieve the MAC address remotely, certain vulnerabilities need to exist in the router or other gateway device for these methods to be used.

Last stats I saw showed over 50% of routers hacked or with known vulnerabilities. For home routers, I would expect a much higher figure. I think the statement “you’re safe behind a router” is rapidly becoming obsolete.

192.168.16.1 I assume is your PC?
Well, as I understand my router, 192.168.1.1 is the router and 192.168.1.21 is the PC.

Addresses in 169.254.0.1 - 169.254.254.255 are assigned by APIPA. I assume that is your cell phone?
Again, according to the router, my cell is reserved at 192.168.1.4 and the ip on the cell is 1.4.

Best thing to do is run this command ipconfig /all from a command prompt window and post your results.

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.

C:\Users\xxxxx>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Host
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Host:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Gigabit Network Connection
Physical Address. . . . . . . . . : MAC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, July 14, 2011 6:41:12 AM
Lease Expires . . . . . . . . . . : Friday, July 15, 2011 6:41:11 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{000000000000000}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : MAC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Just out of curiosity, what kind of connection does your cell have to the PC/router?

If I understand the question . . . wireless to the router. I think I know the router allows the PC and cell to ‘talk’ to one another. FWIW, PC is connected to router by cat5.

I am going to be on vacation for two weeks so hopefully someone else will pick up on this.

Are you running XP SP3? Your ipconfig output looks different than my WIN 7 output.

My isatap output looks like this using “x” to hide my actual addresses:

Tunnel adapter isatap.{xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxxxx}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-x0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

I have no Teredo entry but I am physically blocking the tunnel using Comodo recommended firewall rules.

Do you have a network printer attached to your PC or anything else attached you did not mention?

As DonZ mentioned earlier, the alerts you’re seeing for the address range 169.254.x.x/255.255.0.0 are addresses assigned by a process called Automatic Private IP Addressing (APIPA). Essentially, when a DHCP client, for whatever reason, fails to find a DHCP server, from which to lease an IP address, an address from the aforementioned range is assigned. As far as CIS is concerned, this represents a new network, hence the alert.

The 192.168.16.1 address is a little more tricky, as it’s an address from a range that is commonly used for home networks, such as yours. Your home network has the address range:

192.168.1.1 to 192.168.1.254 with a subnet mask of 255.255.255.0

This unknown address appears to have the address range:

192.168.16.1 to 192.168.16.254 - 255.255.255.0

Which again, according to CIS is a different network. The question is, where is it coming from. This question is partially what prompted my query regarding your cell.

I think it’s unlikely your router settings are changing, although, can you tell me how your router is configured, i.e. is it an access point, wireless distribution point, bridge… The PC has a wired connection. So, I can’t see how that would be a candidate. That leaves your cell or some other local device.
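Added example, not part of any poster's reply and not how CIS itself decides: a short Python script that reads `ipconfig /all` text, works out which IPv4 networks the PC is actually configured on, and labels the two alert addresses from the thread against them. It also blanks MAC addresses before the output is posted. The function names and the sample MAC are made up for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the ipconfig /all output posted in the thread.
SAMPLE_IPCONFIG = """\
Ethernet adapter Host:

   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E
   IPv4 Address. . . . . . . . . . . : 192.168.1.21(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")  # link-local range used by APIPA
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}\b")


def redact_macs(text):
    """Replace 6-byte MAC addresses before posting output publicly."""
    return MAC_RE.sub("00-00-00-00-00-00", text)


def local_networks(ipconfig_text):
    """Return the IPv4 networks the adapters are configured on."""
    nets, addr = [], None
    for line in ipconfig_text.splitlines():
        key, _, value = line.partition(":")
        key = key.replace(".", "").strip()  # drop the dot leaders
        value = value.strip()
        if key == "IPv4 Address":
            addr = value.split("(")[0]      # strip "(Preferred)"
        elif key == "Subnet Mask" and addr:
            nets.append(ipaddress.ip_network(f"{addr}/{value}", strict=False))
            addr = None
    return nets


def classify(ip, nets):
    """Say why a firewall would treat this address as a new network."""
    ip = ipaddress.ip_address(ip)
    if any(ip in n for n in nets):
        return "known local network"
    if ip in APIPA:
        return "APIPA link-local (DHCP lease failed)"
    if ip.is_private:
        return "private range, different subnet"
    return "public address"
```
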

OK, here is what I think I know.
Netgear router. Two Engenius devices set as APs wired - cat5 - to the router.
wireless devices - laptop, Android phone, iPhone which doesn’t show on the router with an IP, HP wireless printer.
Other wired devices - 2 TVs, Synology NAS, Wii (which has no IP on the router).
I think that is all.
FWIW, intermittently I have networks showing on the cell phones that are networks of neighbors.
Without looking, I think the only device with a reserved IP is the Android.
One, possibly significant, observation. I’ve had Comodo for a year or two and it has worked well. These Comodo popups for new networks only started in the last week and I have made no changes I know of except IP reservation for the Android.