Solved

Determine who or what is on my home network, with MAC and IP

Posted on 2013-12-17
Last Modified: 2013-12-27
I have an older Linksys router. I have it set to only allow the MAC addresses I add to it, but when looking at the DHCP leases I see a MAC address with an IP that I don't recognize and that is not in my MAC filter list.

Is there a way I can determine exactly what this device is or if it is someone that should not be connected? I have broadcasting disabled too, and WPA2.

I tried RDP and web browsing to the IP but could not connect. I don't think the IP would ping either.

P.S. Something else I need to add is I just installed an Intel Dual Band Wifi AC Adapter that is also a Bluetooth receiver. I didn't really check before installing the card, and when setting up the new MAC I noticed the DHCP lease that I didn't recognize. Is there a chance that could be from the Bluetooth card?
Question by:REIUSA
4 Comments
 
LVL 70

Assisted Solution

by:Qlemo
Qlemo earned 167 total points
ID: 39724298
You should check the first half of the MAC address against the OUI registration of IEEE. http://standards.ieee.org/develop/regauth/oui/public.html, and that should tell the brand of the NIC.
0
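Added example, not part of the original thread: a Python sketch of the check suggested above, comparing DHCP leases against the MAC filter list and looking up the first three octets of each unknown MAC in a local copy of the IEEE `oui.txt` listing. The lease list, allowlist, IP addresses and the two-line OUI excerpt are constructed sample data, and the function names are this example's own.

```python
import re

# Constructed excerpt in the "XX-XX-XX   (hex)   Vendor" layout of IEEE oui.txt.
SAMPLE_OUI_TXT = """\
00-00-0C   (hex)\t\tCisco Systems, Inc
B8-27-EB   (hex)\t\tRaspberry Pi Foundation
"""
# Constructed sample data: the router's MAC filter list and its DHCP lease table.
ALLOWLIST = ["B8:27:EB:12:34:56"]
LEASES = [("192.168.1.100", "b8-27-eb-12-34-56"),
          ("192.168.1.101", "00:00:0C:AA:BB:CC"),
          ("192.168.1.102", "DA:A1:19:00:00:01"),
          ("192.168.1.103", "00:11:22:33:44:55")]

def normalize(mac):
    """Return 12 upper-case hex digits; accepts ':', '-' or '.' separators."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def load_oui(text):
    """Parse the '(hex)' lines of an oui.txt listing into {prefix: vendor}."""
    pattern = r"^([0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2})\s+\(hex\)\s+(.+)$"
    return {m.group(1).replace("-", ""): m.group(2).strip()
            for m in re.finditer(pattern, text, re.M)}

def classify(mac, oui):
    """Describe a MAC by its first half (the OUI)."""
    digits = normalize(mac)
    # Bit 0x02 of the first octet marks a locally administered address
    # (randomized or manually set); it normally has no vendor registration.
    if int(digits[:2], 16) & 0x02:
        return "locally administered, no vendor"
    return oui.get(digits[:6], "not in local OUI copy")

def audit(leases, allowlist, oui):
    """Return (ip, mac, description) for every lease not on the allowlist."""
    allowed = {normalize(m) for m in allowlist}
    return [(ip, mac, classify(mac, oui))
            for ip, mac in leases if normalize(mac) not in allowed]

if __name__ == "__main__":
    for ip, mac, what in audit(LEASES, ALLOWLIST, load_oui(SAMPLE_OUI_TXT)):
        print(f"{ip:15} {mac:18} {what}")
```

A vendor name only identifies who registered the prefix; it does not prove which device is actually using the address.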
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 166 total points
ID: 39724795
Bear in mind an experienced attacker may detect your wireless network, even when you are not broadcasting the service set ID (SSID). They can also observe authorized clients authenticating, and spoof their own MAC address to match.

As a next step in identifying devices, I suggest you try Nmap as an OS fingerprinting and port scanning tool. This tool will automatically look up the OUI registration for you, identify open ports, probe those ports/services to identify an OS, grab service banners, etc. So in situations where the MAC is spoofed, you can often confirm the underlying OS, if all ports are not blocked/closed (which an experienced attacker would also do).

Bear in mind ICMP may be disabled (ping not permitted) but other ports are open and services are listening.  Use the -Pn switch to skip PING tests when using Nmap.

Additionally, make sure you disable Wi-Fi Protected Setup (WPS).
0
 
LVL 32

Accepted Solution

by:
Kamran Arshad earned 167 total points
ID: 39726013
There are many discovery applications that can help you in this regard. Just give them the network range and they will discover devices. Some of the applications are:

1- Spiceworks www.spiceworks.com
2- Kaboodle   www.kaboodle.org

They will let you know what type of device it is.
0
 

Author Comment

by:REIUSA
ID: 39732554
Great, thanks for the tips. I will run some of these tools and see what's going on.

In the event it is an external device, is there anything I can do to stop them or block them? I don't think my router will allow me to block and filter MACs at the same time.
0

Question has a verified solution.
