This topic was closed yesterday
I’m having the same problem on Windows 10. My network connection keeps going down every 5 minutes and I see that my External IP address is set to some Cloudflare IP address(s). It alternates between a cloudflare IP and my real IP. And every time it bounces to a Cloudflare IP address, my networking goes down.
Yes, I’m using the same Network Gadget as the other poster and no, it’s not broken (or rather, it’s broken in a GOOD way as this is the only utility that detects the bogus IP). It doesn’t just pull random Cloudflare IP’s out of nowhere.
I also noticed that I’ve got bogus MAC addresses listed on my router’s DHCP table. About 15 of them. They all begin with 1a:d6:c7 and then random after that. That prefix is not in the MAC database. BUT, if you change a to an 8, you have TP-Link. That’s too similar to be a coincidence, It’s gotta be something Evil.
Most of the connections from the MAC’s are called “Wireless Device(nn)”. but one of them is mapped to MY Computer and my CURRENT INTERNAL IP ADDRESS (.104) Then I have another DHCP entry from my machine, also active, that has a different IP address (.175) that is attached to my REAL MAC address, my EDUP USB adapter. But ipconfig says I’m .104, not .175.
So it sure looks like somthing is creating bogus devices, requesting IP’s and inserting itself between my machine and my network adapter by swapping around network interfaces. And whatever it is, it appears to be hosted by cloudflare.
My IP address has been 22.214.171.124 for a few days so if some Admin there wants to see where my connections are landing, be my guest. I’m probably going to bite the bullet and do a partial reinstall. First I’m going to remove all my adapter interfaces.
I did find one suspicious service running(?) that had the WinRing0 library compiled into it. It put itself in appdata/local/temp but I could not find the process running nor could I find the process that had the file open - I only saw it listed in autoruns.exe (sysinternals). And when I removed it with brute force (on reboot) it re-created a new .tmp file in the same path until I nuked “WinRing0” from the registry. The network problem persists, though.
I do not use any cloudflare services except for a few sites I visit.