Ok just installed NIS 2011 last night. Since then I have rebooted my PC several times. Since the NIS 2011 has just been installed, I've taken to checking the logs to make sure everything is going well.
So when I look at
Firewall-Network and Connections
I see this entry:
Protecting your connection to a newly detected netwrok on adapter "NVIDIA nForce Networking Controller"
IP address 169. 254. 152. xxx (I x'd out these last set of numbers)
When I look up this IP address I cannot find anything about it, where it is from, who it belongs to, if its part of my ISP.
I find nothing at all about it
Now within a minte or less I will then get another reading
Protecting your connection to a newly detected network on adapter "NVIDA nForce Networking controller"
IP address: and then the IP addressed assigned to me by my ISP
Then also that the IP address 169. 254.152 .xxx has disappeared and is no longer being protected
So not sure if this means I'm being "hijacked" to some malicious IP address or what.
Might anyone help me understand this, and if it is malicious/security concern?
Ok just installed NIS 2011 last night. Since then I have rebooted my PC several times. Since the NIS 2011 has just been installed, I've taken to checking the logs to make sure everything is going well.
So when I look at
Firewall-Network and Connections
I see this entry:
Protecting your connection to a newly detected netwrok on adapter "NVIDIA nForce Networking Controller"
IP address 169. 254. 152. xxx (I x'd out these last set of numbers)
When I look up this IP address I cannot find anything about it, where it is from, who it belongs to, if its part of my ISP.
I find nothing at all about it
Now within a minte or less I will then get another reading
Protecting your connection to a newly detected network on adapter "NVIDA nForce Networking controller"
IP address: and then the IP addressed assigned to me by my ISP
Then also that the IP address 169. 254.152 .xxx has disappeared and is no longer being protected
So not sure if this means I'm being "hijacked" to some malicious IP address or what.
Might anyone help me understand this, and if it is malicious/security concern?
It means that you either no longer have that connection, or it is temporarily disabled. The 169 means that it is not working. It is dropped, or "no longer protected" when it does not require the service. Did you have an Xbox or some other game device previously.
Del- No Never had any game system or other device. I have only seen this starting after I installed 2011. It could be maybe something with my ISP? Maybe their connections are having trouble?
It is nothing to worry about. When Windows starts up, it looks for a DHCP server in order to be assigned an IP address. If Windows cannot immediately get an IP address it will assign itself something in the 169.X.X.X range. Once all your networking components are up and running, WIndows will be able to get a "real" IP address that will connect it to the network or the internet. Norton is just logging what Windows does automatically before your computer is able to get an IP address to use.
Try not to check the logs so much, enjoy your computer. NIS will let you know if you have something to worry about.
Please see the follwing MS article and do a page search for "Check whether Windows assigned you an automatic IP address", then expand that section. This will tell you exactly what others have been saying, this IP address is nothing to worry about.
2. so the 169 IP address is not an outside ) address, its just like a default IP address/ID?
1. Yes. I booted 15 minutes ago, and look what was in my log: "Protecting your connection to a newly detected network on adapter "Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller" (IP address: 169.254.33.122)". Yay! Followed right after by a "has disappered" message.
2. Yep. If you want to do a little experiment, pull the network cable from your computer and wait until you get a new IP. Guess what it will be? You're right - the 169.xxx IP, because you can't get a real IP with the network cable unplugged.
When you boot your computer, there is a short period of time where you don't have any Internet connection, and that is when you get the 169.xxx IP. As soon as you do get your Internet connection, the 169.xxx IP is no longer needed and disappears.
Your network card can't have no IP address, and when it can't get a real one for some reason, this is the one it creates for itself.
This happened when you were using NIS 2010 as well - it is just that NIS 2010 didn't have as thorough logging capabilites, so you never saw it logged.
If you're still curious there's a good explanation of static vs. dynamic IP addresses here.
If I recall correctly the "169.254" in 169. 254.152 .xxx is reserved, depending on which protocol and level of encryption your Internet Service Provider (ISP) uses (e.g. IPv4 with a 20-bit block). The "152" is specifically assigned to your ISP, and the final "xxx" makes up the remainder of your dynamic address and changes every time you log into your internet connection.
-------------
Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 6.0.0 HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400 GS
If I recall correctly the "169.254" in 169. 254.152 .xxx is reserved, depending on which protocol and level of encryption your Internet Service Provider (ISP) uses (e.g. IPv4 with a 20-bit block). The "152" is specifically assigned to your ISP, and the final "xxx" makes up the remainder of your dynamic address and changes every time you log into your internet connection.
169.254.x.x addresses are not related to your ISP. In fact, the situation is exactly the opposite. 169.254.x.x is invoked when your operating system is unable to obtain an IP address from your ISP (or your router). Here is a good explanation of how this address comes into play. Note that the article is discussing cases where an IP address cannot be acquired due to technical problems, such as SendOfJive always encounters when trying to add a new PC to a wireless network and the PC cannot get an address from the router). In Calls' case, it is not a problem - it is just Norton beginning to log entries so early that the DHCP server has not yet had time to assign an address.
thanks for further clarification. Now I’m concerned by showing thett my number is 169.254.152.xxx did I disclose information about my computers assigned IP address or mac address, or anything else that would compromise my machine’s security?
I didn't realize there was any special significance to "169.254". I guess I'll just take my dial-up modem and class B "142" octet and go home now.
I have intimate acquaintance with 169.254.x.x, having recently engaged in a battle of wits with an old, problem-prone, wireless adapter that was refusing to find any IP address other than that. I am happy to report that I was eventually able to get it to see the router, although it still likes to flake out on me once in awhile.
