Solved

Determine who or what is on my home network, with MAC and IP

Posted on 2013-12-17
Last Modified: 2013-12-27
I have an older Linksys router. I have it set to only allow the MAC addresses I add to it, but when looking at the DHCP leases I see a MAC address with an IP that I don't recognize and that is not in my MAC filter list.

Is there a way I can determine exactly what this device is or if it is someone that should not be connected? I have broadcasting disabled too, and WPA2.

I tried RDP and web browsing to the IP but could not connect. I don't think the IP would ping either.

P.S. Something else I need to add is I just installed an Intel Dual Band Wifi AC Adapter that is also a Bluetooth receiver. I didn't really check before installing the card, and when setting up the new MAC I noticed the DHCP lease that I didn't recognize. Is there a chance that could be from the Bluetooth card?
Question by:REIUSA
4 Comments
 
LVL 68

Assisted Solution

by:Qlemo
Qlemo earned 167 total points
ID: 39724298
You should check the first half of the MAC address against the OUI registration of IEEE (http://standards.ieee.org/develop/regauth/oui/public.html), and that should tell you the brand of the NIC.
0
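Added example, not part of the original thread: a small Python audit that compares DHCP leases against the MAC allow list and applies the OUI check described above to each unrecognized lease. The lease list, allow list and registry excerpt are constructed sample data (the vendor names are placeholders), and the function names are hypothetical. A vendor match is only a hint, since a MAC address can be changed in software.

```python
import re

# Constructed excerpt in the layout of the IEEE oui.txt file; vendor names are placeholders.
OUI_TEXT = """\
00-11-22   (hex)\t\tExample Router Co.
3C-5A-B4   (hex)\t\tExample Wireless Inc.
"""
# Constructed data, as copied from a router's DHCP client table and MAC filter page.
LEASES = [("192.168.1.100", "00:11:22:AA:BB:CC"),
          ("192.168.1.101", "3c-5a-b4-01-02-03"),
          ("192.168.1.102", "DA:A1:19:00:00:01")]
ALLOWED = ["00:11:22:aa:bb:cc"]

def normalize(mac):
    """Return the MAC as 12 uppercase hex digits, whatever separator was used."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def load_oui(text):
    """Map each 6-hex-digit prefix (first half of a MAC) to its registered organisation."""
    pattern = r"^([0-9A-F]{2})-([0-9A-F]{2})-([0-9A-F]{2})\s+\(hex\)\s+(.+)$"
    return {"".join(m.group(1, 2, 3)): m.group(4).strip()
            for m in re.finditer(pattern, text, re.M)}

def is_locally_administered(mac):
    """Bit 0x02 of the first octet is set when the address was assigned in software."""
    return bool(int(normalize(mac)[:2], 16) & 0x02)

def audit(leases, allowed, oui):
    """Return (ip, mac, finding) for every lease whose MAC is not on the allow list."""
    allowed_set = {normalize(m) for m in allowed}
    findings = []
    for ip, mac in leases:
        n = normalize(mac)
        if n in allowed_set:
            continue
        if is_locally_administered(n):
            note = "locally administered (randomized or set by hand); no vendor to look up"
        else:
            note = oui.get(n[:6], "OUI not in local registry copy")
        findings.append((ip, mac, note))
    return findings

if __name__ == "__main__":
    for ip, mac, note in audit(LEASES, ALLOWED, load_oui(OUI_TEXT)):
        print(f"{ip:15} {mac:18} {note}")
```

To use it with real data, replace `OUI_TEXT` with the contents of the registry file downloaded from the IEEE page and paste in the router's own lease and filter lists.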
 
LVL 14

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 166 total points
ID: 39724795
Bear in mind an experienced attacker may detect your wireless network, even when you are not broadcasting the service set ID (SSID). They can also observe authorized clients authenticating, and spoof their own MAC address to match.

As a next step in identifying devices, I suggest you try Nmap as an OS fingerprinting and port scanning tool. This tool will automatically look up the OUI registration for you, identify open ports, probe those ports/services to identify an OS, grab service banners, etc. So in situations where the MAC is spoofed, you can often confirm the underlying OS, if all ports are not blocked/closed (which an experienced attacker would also do).

Bear in mind ICMP may be disabled (ping not permitted) but other ports are open and services are listening.  Use the -Pn switch to skip PING tests when using Nmap.

Additionally, make sure you disable Wi-Fi Protected Setup (WPS).
0
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 167 total points
ID: 39726013
There are many discovery applications that can help you in this regard. Just give them the network range and they will discover devices. Some of the applications are:

1- Spiceworks www.spiceworks.com
2- Kaboodle   www.kaboodle.org

They will let you know what type of device it is.
0
 

Author Comment

by:REIUSA
ID: 39732554
Great, thanks for the tips. I will run some of these tools and see what's going on.

In the event it is an external device, is there anything I can do to stop them or block them? I don't think my router will allow me to block and filter MACs at the same time.
0
