0

I'm having this weird problem in my network after a power loss (few seconds) but all my network equipment has UPS and it was working fine when the power was out.

Soon after the power was back I couldn't access my internet and when I tried to do the nslookup it returns something like this

C:\Users\Administrator>nslookup
Default Server:  UnKnown
Address:  fe80::1

> google.com
Server:  UnKnown
Address:  fe80::1

Name:    google.com
Address:  10.9.100.100

> google
Server:  UnKnown
Address:  fe80::1

Name:    google
Address:  1.1.1.1

Wireshark packet captured for that event. - (https://i.stack.imgur.com/yF15t.png)

I really don't know how my computer know 10.9.100.100 and 1.1.1.1 (It's nothing there)

I have multiples vlans on my core switch (SG500)

  1. Client - VLAN X - 10.1.1.x/24
  2. IP Phone - VLAN Y - 192.168.x.x/16
  3. Public Client - VLAN Z - 10.9.100.x/24

The port that i'm using has VLAN X and VLAN Y in the same port (Hybrid mode on 3com switch - access switch)

Current resolution is disable IPv6 from my local area connection.

This is my Local area connection (I have vmware/virtualbox installed) and IP address/Gw/DNS are static.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::7890:2a9f:b81c:2a1f%11
   IPv4 Address. . . . . . . . . . . : 10.1.1.207
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.1.1

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::a818:fbb5:f940:bb96%14
   IPv4 Address. . . . . . . . . . . : 192.168.56.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::20f6:6352:de0b:fa24%19
   IPv4 Address. . . . . . . . . . . : 192.168.152.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet8:

       Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::810c:4a64:b675:1e63%20
   IPv4 Address. . . . . . . . . . . : 192.168.172.1
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :

Does my computer has malware ? this event also effect some others windows7/windows8 (now around 5-10 from 100s) computer on my network as well.

user1243099
  • 1
  • 1
  • 2

1 Answers1

0

I have found what's causing the problem.

There's one ADSL router connected to my VLAN X and it has IP address of 10.9.100.100 and IPv6 of fe80::1. This router is also response to IPv6 DHCP request and windows 7 is default to IPv6 so that's why i'm having this weird event.

user1243099
  • 1
  • 1
  • 2
  • It would appear the developers of the router firmware don't know what they are doing. The address `1.1.1.1` should not have existed in their firmware in the first place. Who knows which other bad decisions exist in that firmware? – kasperd Mar 14 '15 at 14:05