Hacking and sabotaging
Recently I have noticed that my computer will randomly loose connection to the network. Today it happened three times, when I looked in the event viewer this is what I found:
`The DHCP Client service was successfully sent a stop control.`
This done by another user in my office and on my network.
Does this mean that this person is hacking into my system and remotely cutting off my network connections?
Software/Hardware used:
Software/Hardware used:
ASKED:
April 9, 2008 9:04 PM
UPDATED:
July 11, 2008 5:50 PM
Answer Wiki:
====================
Original answer by Labnuke99 that seems to have been somehow overwritten
Stopping the DHCP client service by itself should not disconnect your device from the network. However, if that person's login has the appropriate authority through their user credentials (local or domain administrator) they could easily shutdown any or all services on your computer. DHCP is used to request/register IP addresses for client devices. A device typically keeps its assigned IP address until it is powered off or the lease has completely expired.
I don't know if you might have been doing some type of non-business activity to warrant whatever this other person <b>might</b> have done to break your network access. I would suggest that you ask them what they were doing on the network to possibly create the issues you are describing. I would also recommend having someone from IT with you during the conversation to help understand what is being said.
====================
You don't give any specific details about your network, so I have to assume it's a corporate setting. If so, someone who has access to the servers on your network could execute remote commands, in this case the command "sc stop DHCP."
This could also indicate someone trying to take advantage of a known vulnerability in the DHCP Client Service, that's detailed in <a href="http://www.securiteam.com/cves/2006/CVE-2006-2372.html">CVE-2006-2372</a> "Vulnerability in DHCP Client Service Could Allow Remote Code Execution (MS06-036)." The giveaway is that you say it was done by another user on your network. The vulnerability requires that: "For an attack to be successful the attacker must send the affected host a specially crafted DHCP response communication from the same network subnet."
You should immediately download and apply the patch to your system; the various versions are listed in the article linked to above.
You can not simply disable DHCP Client service even if you assign a static address because dhcp client service is used also for registering dns name regardless is it static or dynamic addressing in place.
Hope this helps.
You can keep up with various security issues at <a href="http://itknowledgeexchange.techtarget.com/security-corner">Security Corner</a>.
To see all answers submitted to the Answer Wiki: View Answer History.
If you are worried the attakc is happening at the moment, you may be able to stop the person in his tracks by going to Start>Run>cmd>ipconfig /release. A short while later you would want to enter ipconfig /renew to return functionality. These commands will release the DNS, and apply for a new IP lease. It may happen that if your files are stored on a network drive, you will enter ipconfig /renew and nothing will happen…don’t panic. Type in the command prompt cd C:\ and then try the ipconfig /renew command. That may or may not work; if it does, GREAT, if it doesn’t still don’t panic. Simply navigate to C:\WINDOWS\system32\cmd.exe through my computer and then enter the command. This isn’t a permanent fix, but it could easily give you more insight into the situation.