schmak01


  1. If it helps, we were able to fix this by looking at my hosts file. I hadn't looked at it since I ran TRON a few weeks past, and it looks like Spybot Search and Destroy put a ton of entries for MSFT-related sites to 0.0.0.0. We removed those entries, and so far so good. Over 24 hours now and no more IP changes.
  2. Just another fun example from this morning, trying to go to the same internal URL I went to in the previous post:

     Web Protection ON:

         Pinging server.domain.com [127.42.0.28] with 32 bytes of data:
         Request timed out.
         General failure.
         General failure.
         General failure.

         Ping statistics for 127.42.0.28:
             Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

     And after I immediately turned web protection off, no other changes:

         Pinging server.domain.com [10.40.x.x] with 32 bytes of data:
         Reply from 10.40.x.x: bytes=32 time=3ms TTL=124
         Reply from 10.40.x.x: bytes=32 time=3ms TTL=124
         Reply from 10.40.x.x: bytes=32 time=3ms TTL=124
         Reply from 10.40.x.x: bytes=32 time=2ms TTL=124

         Ping statistics for 10.40.x.x
             Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
         Approximate round trip times in milli-seconds:
             Minimum = 2ms, Maximum = 3ms, Average = 2ms

     Please keep in mind these are not the internet/externally available IP addresses and DNS entries; these are all from my internal DNS server. Malwarebytes is overriding the local DNS with inaccurate IP addresses, or its internal DNS cache is getting corrupted.
  3. I am having the same issue on Windows 10...

     So this started happening about a month ago and I finally got to the point in troubleshooting where I could pinpoint where the issue is. Randomly, it seems, local internal network DNS entries were getting modified to completely random IP addresses. For example, I would have a web server at 10.40.x.x and all of a sudden I get 404 errors, and when I ping, the IP would be 10.21.x.x or a different subnet within our network. After examining my domain controllers and DNS, I found they are translating the IP correctly, but the bad one is coming from a loopback IP of 127.42.x.x.

     So in troubleshooting, I decided to turn off Malwarebytes web protection, which appears to be running a local proxy server and doing some DNS filtering. As soon as I turn it off, I don't even have to flush the DNS cache; the pings return the correct IP from the domain controllers/DNS servers.

     Is there a setting somewhere where I can tell it NOT to override IP addresses for local domains? I don't want to turn this off every time I come to the office just so I can continue to browse to internal resources without issue.

     EDIT: I am using 3.0.6 on Windows 10 Pro Creators, Production Ring. Here is an example:

     Web Protection is off:

         Pinging server.domain.com [10.40.x.x] with 32 bytes of data:
         Reply from 10.40.x.x: bytes=32 time=3ms TTL=124

     Web Protection turned right back on:

         Pinging server.domain.com [127.42.0.0] with 32 bytes of data:
         Reply from 10.40.x.x: bytes=32 time=3ms TTL=124

     30 min after Web Protection turned on:

         Pinging server.domain.com [127.42.0.1] with 32 bytes of data:
         Reply from 10.21.x.x bytes=32 time=1ms TTL=127

     It's doing something completely wonky with the DNS with a local DNS proxy associated with Web Protection. I have my entire domains excluded, but that doesn't seem to help.