MAC Addresses coming up as unavailable

yellowbluegreenyellowbluegreen Member Posts: 11
10 Comments 5 Likes Name Dropper Photogenic
edited January 2020 in Fing App

Also there appears to be a device pretending to be my Mac book which I've removed multiple times that keeps reappearing. Initially it was coming up with the exact same name (Voldemort's Mac book air) so I uncapitalised the V in Voldemort on my Mac book which it then copied. I renamed the one I believe to be my real Mac book on the fing app so I can now tell them apart.

I reset my router last night and changed the name and password of my network two weeks ago and haven't shared it with anyone.

When I check the ports on my router from the fing app it looks as though there's thousands open. Is this normal?

Lastly, when I factory reset my router it reverts to the last network name and password I had. I contacted my ISP about this as I thought it seemed to defeat the purpose of a factory reset but they assured me it's normal. Is this normal?

I have very little knowledge in this area (which is probably quite apparent lol). Any advice would be much appreciated.

Thanks in advance 🙏





kltaylor

Answers

  • MarcMarc Moderator, Beta Tester Posts: 2,165
    100 Answers 1000 Comments 500 Likes 250 Agrees
    ✭✭✭✭✭✭
    edited October 2019
    @yellowbluegreen, it looks like the router is remotely managed and stores it’s configuration in the cloud as well.  I am imagining the vendor considers this a convenience in case you need to replace it, data is not lost.  That could also explain why your account and password settings come back after a reset.  
    As to why the phantom system keeps appearing, some routers clone a systems MAC and impersonate the router with it.  Could be why but I’m not convinced.  @Robin@Pooh, @kltaylor, @Hronos, any ideas?
    Thats Daphnee, she's a good dog...
    yellowbluegreenVioletChepil
  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic

    Also, maybe a day ago I was adjusting what comes up in the sidepane in finder, either under connected serves or bonjour computers (I know nothing about either) noticed it said there was a PC with a random number as it's name connected. Then while going through my settings trying not to freak out I saw whatever this is (smbd?) had full disk access which I revoked


  • MarcMarc Moderator, Beta Tester Posts: 2,165
    100 Answers 1000 Comments 500 Likes 250 Agrees
    ✭✭✭✭✭✭
    Are you sharing files or printers with any windows machines on your network?  See this..  https://discussions.apple.com/thread/1125437
    Thats Daphnee, she's a good dog...
    yellowbluegreen
  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic

    I've got an HP printer which I bought about a month ago and have been using via Bluetooth off my phone. I'm pretty sure I haven't installed HP software on my Mac so far but will double check. I definitely don't recall granting anything full disk access other than Etrecheck a while ago.

  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic

    This is what comes up for the mac address for all devices




  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic
    edited October 2019

    This is the only information showing for the phantom laptop. Also the hostname for my actual Mac book is showing as my phone's name (the ✨😈etc emojis


  • MarcMarc Moderator, Beta Tester Posts: 2,165
    100 Answers 1000 Comments 500 Likes 250 Agrees
    ✭✭✭✭✭✭
    I'm at a loss...  I'm hoping one of the others on this forum can help...
    Thats Daphnee, she's a good dog...
    yellowbluegreenVioletChepil
  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic

    No worries, appreciate your help Marc.

    VioletChepil
  • PoohPooh Member, Beta Tester Posts: 674
    500 Likes 500 Comments 25 Answers 100 Agrees
    ✭✭✭✭✭
    edited October 2019

    Just as an FYI; smbd is the Windows file sharing daemon that is part of the samba implementation.


    IIRC it comes out the box configured with full disk access.

    People say nothing is impossible, but I do nothing every day.
    VioletChepilyellowbluegreen
  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic
    edited October 2019

    Ok cool, I didn't know that Mac books come with it preconfigured and thought Etrecheck was the only software I'd seen previously under full drive access. I'll google samba also.

    Thanks

  • MarcMarc Moderator, Beta Tester Posts: 2,165
    100 Answers 1000 Comments 500 Likes 250 Agrees
    ✭✭✭✭✭✭
    edited October 2019

    The mac shouldn’t come with it preconfigured and running. For example mine is not running it. Something would have caused it to be used. Probably nothing nefarious, just some piece of software or agent that needed it.

    Thats Daphnee, she's a good dog...
    kltayloryellowbluegreen
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    @yellowbluegreen I'm just inquiring on some follow-up information with the team and we'll be back shortly with more details from @Robin

    Community Manager at Fing

    yellowbluegreen
  • kltaylorkltaylor Moderator, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Marc said:
    @yellowbluegreen, it looks like the router is remotely managed and stores it’s configuration in the cloud as well.  I am imagining the vendor considers this a convenience in case you need to replace it, data is not lost.  That could also explain why your account and password settings come back after a reset.  
    As to why the phantom system keeps appearing, some routers clone a systems MAC and impersonate the router with it.  Could be why but I’m not convinced.  @Robin@Pooh, @kltaylor, @Hronos, any ideas?
    I would assume the same thing, @Marc , but don't ask my opinion on saving router settings on the manufacturer's server ("cloud").
    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
  • RobinRobin Administrator, Fing Team Posts: 3,760
    250 Answers 2500 Comments 500 Likes 100 Awesomes
    admin
    Hi @yellowbluegreen
    First, Can you confirm if you have Fingbox or not? If you don't, then Can you make please make sure all permissions especially location permissions are enabled for the Fing App? After checking the permissions, can you remove the same device and then run the scan again if the same device appears or not.
    Robin (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
    kltaylorVioletChepilyellowbluegreen
  • kltaylorkltaylor Moderator, Beta Tester Posts: 1,231
    1000 Comments 500 Likes 50 Answers 100 Awesomes
    ✭✭✭✭✭✭
    Good questions to ask, @Robin

    "There's a fine line between audacity and idiocy."
    -Warden Anastasia Luccio, Captain
    VioletChepilyellowbluegreen
  • MarcMarc Moderator, Beta Tester Posts: 2,165
    100 Answers 1000 Comments 500 Likes 250 Agrees
    ✭✭✭✭✭✭
    edited October 2019
    kltaylor said:
    Marc said:
    @yellowbluegreen, it looks like the router is remotely managed and stores it’s configuration in the cloud as well.  I am imagining the vendor considers this a convenience in case you need to replace it, data is not lost.  That could also explain why your account and password settings come back after a reset.  
    As to why the phantom system keeps appearing, some routers clone a systems MAC and impersonate the router with it.  Could be why but I’m not convinced.  @Robin@Pooh, @kltaylor, @Hronos, any ideas?
    I would assume the same thing, @Marc , but don't ask my opinion on saving router settings on the manufacturer's server ("cloud").
    Yea, there are some cloud manage gear features I stay away from.  The ability to manage my NAS and Router.  Local access and control is just fine thank you very much Western Digital and Linksys.  ;)
    Thats Daphnee, she's a good dog...
    kltaylorVioletChepilHronosyellowbluegreen
  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic
    edited October 2019

    Hi @Robin

    I don't have a Fingbox yet. I'll check the permissions then remove it and rescan now then give an update on how it goes.

    Thanks heaps

    kltaylor
  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic
    edited October 2019

    I went to the permissions and changed location from 'while using' to 'always' and noticed recognise devices wasn't on so I turned that on too. I removed it then rescanned and it's still there. For the first half second it was back up after rescanning it came up as 'generic' before going back to the name 'voldermorts-air'


    kltaylor
  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic
    edited October 2019

    😧 I re-read your comment and saw you said ALL permissions and realised I hadn't turned on privacy mode, just re did it with it on and it came up 'generic' then 'VOLDERMORT etc' in capitals then first letter capitalisation all within a second. Now when I click on it a lot more is coming up in the info like mac address while my other devices still have no mac address. Below is a screenshot of the phantom one with the mac address vs my real mac and it's name changing while the scan loaded


    kltaylor
  • VioletChepilVioletChepil London, UKMember Posts: 2,471
    100 Answers 500 Likes 1000 Comments 100 Agrees
    ✭✭✭✭✭✭
    Hello @yellowbluegreen

    I've checked in with multiple team members and have some more tips/information for you. 

    We can pin this down to device identification issues. Since iOS 11 - device ID is based on random MACs and thus not reliable. 
    https://help.fing.com/knowledge-base/cant-fing-see-mac-addresses-ios-11/

    Fing App can't detect by MAC address devices without Fingbox - and thus when a device changes IP addresses - the customizations get mixed up. In iOS 11 and above, Apple implemented MAC address randomization - and this seems like an effect of that. 
    So seems that the MAC address customizations got dropped when the device changed IP. 

    What can we do about it?
    - We're working on a more reliable means of device ID for this case - which we're currently testing with Fingbox users. https://community.fing.com/discussion/1121/improved-device-recognition-for-fingbox-users-testers-needed#latest 
    - If you follow beta testing category here:  https://community.fing.com/categories/announcements You'll get notified if/when that beta test comes to Fing App.

    - We're developing a PC/MAC version of Fing App to help mitigate this too. (Also like above, beta testing would be posted in that category). Device ID will be much improved on PC/MAC version of Fing App.  
    - In the meantime, we suggest that you enter as many details as possible about the device to improve Fing algorithms for device ID 
    - It will be best that you use Fingbox and soon Fing Desktop for the best device ID possible. 
    I hope this helps!
    Cheers,
    Violet

    Community Manager at Fing

    kltayloryellowbluegreenRobin
  • yellowbluegreenyellowbluegreen Member Posts: 11
    10 Comments 5 Likes Name Dropper Photogenic

    Hey all,

    Thought I'd update this as I just got to the bottom of the issue after installing malwarebytes. It turns out it was osx.birdminer using my computer for cryptomining 😯 lol. https://securityaffairs.co/wordpress/87422/malware/bird-miner-cryptominer.html

    Thanks everyone for helping me to try and figure it out.

    Cheers

    Ciaran
  • CiaranCiaran Administrator Posts: 1,092
    1000 Comments 250 Likes 50 Answers 100 Awesomes
    admin
    @yellowbluegreen thank you for coming back with the feedback :smile:happy new year
    Ciaran (Admin at Fing)
    Getting Started? Please refer to Community guidelines & Community User Guides("Helping Hand"). HAPPY POSTING!!!
    yellowbluegreen
Sign In or Register to comment.