Solved

Determine who or what is on my home network, with MAC and IP

Posted on 2013-12-17
Last Modified: 2013-12-27
I have an older Linksys router. I have it set to only allow the MAC addresses I add to it, but when looking at the DHCP leases I see a MAC address with an IP that I don't recognize and that is not in my MAC filter list.

Is there a way I can determine exactly what this device is or if it is someone that should not be connected? I have broadcasting disabled too, and WPA2.

I tried RDP and web browsing to the IP but could not connect. I don't think the IP would ping either.

P.S. Something else I need to add is that I just installed an Intel Dual Band Wifi AC Adapter that is also a Bluetooth receiver. I didn't really check before installing the card, and when setting up the new MAC I noticed the DHCP lease that I didn't recognize. Is there a chance that could be from the Bluetooth card?
0
Comment
Question by:REIUSA
4 Comments
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 668 total points
ID: 39724298
You should check the first half of the MAC address against the OUI registration of IEEE, http://standards.ieee.org/develop/regauth/oui/public.html, and that should tell the brand of the NIC.
0
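Added example, not part of the original answer: a Python sketch of the check described above, applied to the asker's situation of a DHCP lease that is not on the MAC filter list. It goes one step further than the OUI lookup by testing the locally administered bit, because a MAC with that bit set was not assigned by a vendor and no OUI lookup applies. The lease table, filter list and OUI excerpt are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the IEEE OUI listing (assumed input format).
OUI_TXT = ("00-50-56   (hex)\t\tVMware, Inc.\n"
           "B8-27-EB   (hex)\t\tRaspberry Pi Foundation\n")
# Constructed sample data: the router's MAC filter list and its DHCP lease table.
ALLOWED = ["00:50:56:AA:BB:01", "b8-27-eb-12-34-56"]
LEASES = [("192.168.1.100", "00:50:56:aa:bb:01"),
          ("192.168.1.101", "B8:27:EB:99:88:77"),
          ("192.168.1.102", "DA:A1:19:3C:5E:7F")]

def normalize(mac):
    """Strip separators and return 12 uppercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def load_oui(text):
    """Build a map of 6-hex-digit OUI prefix -> registered organisation."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+)", line)
        if m:
            table["".join(m.group(1, 2, 3))] = m.group(4).strip()
    return table

def classify(mac, oui_table):
    """Describe who the first half of the MAC points to, if anyone."""
    digits = normalize(mac)
    # Bit 0x02 of the first octet marks a locally administered address:
    # randomized or manually set, so the first three bytes are not a vendor OUI.
    if int(digits[:2], 16) & 0x02:
        return "locally administered (randomized or manually set; no vendor)"
    return oui_table.get(digits[:6], "not in local OUI copy")

def audit(leases, allowed, oui_table):
    """Return (ip, mac, verdict) for every lease whose MAC is not on the filter list."""
    allow = {normalize(m) for m in allowed}
    return [(ip, mac, classify(mac, oui_table))
            for ip, mac in leases if normalize(mac) not in allow]

if __name__ == "__main__":
    for ip, mac, verdict in audit(LEASES, ALLOWED, load_oui(OUI_TXT)):
        print(f"{ip:15} {mac:17} {verdict}")
```

A lease whose MAC is on the filter list is only a match on the address itself; it says nothing about which device is presenting it.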
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 664 total points
ID: 39724795
Bear in mind an experienced attacker may detect your wireless network, even when you are not broadcasting the service set ID (SSID).  They can also observe authorized clients authenticating, and spoof their own MAC address to match.

As a next step in identifying devices, I suggest you try Nmap as an OS fingerprinting and port scanning tool.  This tool will automatically look up the OUI registration for you, identify open ports, probe those ports/services to identify an OS, grab service banners, etc.  So in situations where the MAC is spoofed, you can often confirm the underlying OS, if all ports are not blocked/closed (which an experienced attacker would also do).

Bear in mind ICMP may be disabled (ping not permitted) but other ports are open and services are listening.  Use the -Pn switch to skip PING tests when using Nmap.

Additionally, make sure you disable Wi-Fi Protected Setup (WPS).
0
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 668 total points
ID: 39726013
There are many discovery applications that can help you in this regard. Just give them the network range and they will discover devices. Some of the applications are:

1- Spiceworks www.spiceworks.com
2- Kaboodle   www.kaboodle.org

They will let you know what type of device it is.
0
 

Author Comment

by:REIUSA
ID: 39732554
Great, thanks for the tips. I will run some of these tools and see what's going on.

In the event it is an external device, is there anything I can do to stop them or block them? I don't think my router will allow me to block and filter MACs at the same time.
0

Question has a verified solution.