?
Solved

Determine who or what is on my home network, with MAC and IP

Posted on 2013-12-17
4
Medium Priority
?
318 Views
Last Modified: 2013-12-27
I have a older Linksys router, I have it set to only allow my MAC addresses I add to it but when looking at the DHCP leases I see a MAC address with a IP that I don't recognize and is not in my MAC filter list.

Is there a way I can determine exactly what this device is or if it is someone that should not be connected? I have broadcasting disabled too, and WPA2.

I tried RDP and web browsing to the IP but could not connect. I don't think the IP would ping either.

P.S. Something else I need to add it I just installed a Intel Dual Band Wifi AC Adapter that is also a Blue Tooth receiver. I dind't really check before installing the card and when setting up the new MAC I noticed the DHCP lease that I didn't recognize. Is there a chance that could be from the Blue Tooth card?
0
Comment
Question by:REIUSA
4 Comments
 
LVL 72

Assisted Solution

by:Qlemo
Qlemo earned 668 total points
ID: 39724298
You should check the first half of the MAC address against the OUI registration of IEEE. http://standards.ieee.org/develop/regauth/oui/public.html, and that should tell the brand of the NIC.
0
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 664 total points
ID: 39724795
Bear in mind an experience attacker may detect your wireless network, even when you are not broadcasting the service set ID (SSID).  They can also observe authorized clients authenticating, and spoof their own MAC address to match.

As a next step in identifying devices, I suggest you try Nmap as an OS fingerprinting and port scanning tool.  This tool will automatically lookup the OUI registration for you, identify open ports, probe those ports/services to identify an OS, grab service banners, etc.  So in situations where the MAC is spoofed, you can often confirm the underlying OS-- if all ports are not blocked/closed (which an experienced attacker would also do.)

Bear in mind ICMP may be disabled (ping not permitted) but other ports are open and services are listening.  Use the -Pn switch to skip PING tests when using Nmap.

Additionally, make sure you disable Wi-Fi Protected Setup (WPS).
0
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 668 total points
ID: 39726013
There are many discovery applications that can help you in this regard. Just give them the network range and they will discover devices. Some of the applications are;

1- Spiceworks www.spiceworks.com
2- Kaboodle   www.kaboodle.org

They will let you know what type of device it is.
0
 

Author Comment

by:REIUSA
ID: 39732554
Great, thanks for the tips. I will run some of these tools and see what's going on.

In the event it is a external device is there anything I can do to stop them or block them? I odn't think my router will allow me to block and filter MAC's at the same time.
0

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Last month Marc Laliberte, WatchGuard’s Senior Threat Analyst, contributed reviewed the three major email authentication anti-phishing technology standards: SPF, DKIM, and DMARC. Learn more in part 2 of the series originally posted in Cyber Defense …
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question