Having random devices show up on my network. Any ideas how to identify them?





Joe
Answers
-
Hi @Joedavis44, welcome to our community.
Something that you can do is obtain the MAC address and then issue a search for that information to determine who the manufacturer is. Fing has such a tool that can accomplish that for you.
Also, my preferred method would be to block the said device and then wait to see who 'yells'. By yells I mean to see if someone asks why they can no longer access the internet, or even when you attempt the same.
On my network, if I do not recognize the device, even after looking up the MAC address and doing some sleuthing, blocking it has the effect that I need. Turn it off and when you encounter a device that cannot access the internet, you've likely found the culprit.
"There's a fine line between audacity and idiocy."
-Warden Anastasia Luccio, Captain
-
Hi @Joedavis44 & @Eman
Thanks for your post. Can you confirm if you have multiple access points in your network like multiple extenders/routers?
Robin (Admin at Fing)
Getting Started? Please refer to Community guidelines & Community User Guides. HAPPY POSTING!!!
-
@Eman:
Doing a Google search provided me with the following information:
Port 8888 TCP
Sun Answerbook - DWhttpd Server
Sun Answerbook server, or more commonly an alternative HTTP port
Sun Answerbook is a documentation system built by Sun Systems, allowing on-line retrieval of documentation such as Administration, Developer and User manuals for their software.
However, the protocol is deprecated by Sun and no longer in use; more commonly TCP/8888 is actually used as an alternative port to HTTP, which runs on port TCP/80. Usually this is done as either a very crude and basic form of security, or something like a web server is already running and bound to Port 80, and therefore an easier to remember alternative port must be used.
Socks Proxy: https://www.socks-proxy.net/
How do you change a system to get rid of open port 1080?
What system are you talking about? A PC, a server, a firewall? This question is impossible to answer without more specific information.
In general, there should be configuration parameters for all the TCP ports. You simply need to find the appropriate file or tool to turn the port off.
For reference, port 1080 is typically used for SOCKS.
According to the SOCKS FAQ, "SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. SOCKS redirects connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes the requests, establishes a proxy connection and relays data. SOCKS is commonly used as a network firewall that enables hosts behind a SOCKS server to gain full access to the Internet while preventing unauthorized access from the Internet to the internal hosts."
Do either of these sound familiar in any way? As in, do you recall systems or protocols being configured for these services?
"There's a fine line between audacity and idiocy."
-Warden Anastasia Luccio, Captain
-
Robin,
My topology is this: Fiber into a Juniper box (not sure what to call that, a modem?), connected directly to a single Luxul router. This router is the DHCP server for everything. Only devices connected to the Router are a 24 port Luxul switch, and the FingBox. Off the 24 port switch are most of the hardwire lines throughout the house, and an additional 10 port Luxul Managed switch and a Luxul WAP controller. There are seven Luxul WAPs managed by the WAP controller, but all seven are plugged into the 24 port switch. Is that what you are looking for?
Joe
-
Robin,
Here is the first page of the MAC addresses of the random devices. I have used online MAC lookup tools and gotten nothing on these.
-
Robin,
Here's another page. I'll stop there.
-
Yes @Robin, he has multiple WAPs on the network.
@Joedavis44 it's interesting that all of the MAC addresses that you posted are listed as 'null' with one exception. (NOTE: the MAC address for the Apple device does resolve when you research it on a MAC vendor site.)
What are the timelines on those notifications? How often do they happen in sequence? Are you receiving notifications every minute, hour, etc?
"There's a fine line between audacity and idiocy."
-Warden Anastasia Luccio, Captain
-
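Added example (not part of any post in this thread, and not Fing's code): when a vendor lookup returns nothing for a MAC address, as with the 'null' entries discussed above, one check is whether the address is locally administered. In IEEE 802 addressing the 0x02 bit of the first octet marks such addresses, which carry no registered vendor prefix; the sample addresses and function names below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample addresses for illustration (not taken from the thread).
SAMPLE_MACS = [
    "DA:12:34:56:78:9A",  # first octet 0xDA, local bit set
    "00-25-00-11-22-33",  # first octet 0x00, registered vendor prefix
    "4a1234567890",       # bare hex form, local bit set
    "01:00:5E:00:00:FB",  # group (multicast) address, never a device's own MAC
]


def parse_mac(text):
    """Return the six octets of a MAC written with ':', '-', '.' or no separator."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)


def classify_mac(text):
    """Classify a MAC by the two flag bits in its first octet."""
    octets = parse_mac(text)
    if octets[0] & 0x01:    # I/G bit: multicast or broadcast destination
        kind = "group"
    elif octets[0] & 0x02:  # U/L bit: locally administered, no vendor prefix
        kind = "locally-administered"
    else:                   # prefix comes from the IEEE registry
        kind = "vendor-assigned"
    return {
        "mac": octets.hex(":").upper(),
        "kind": kind,
        # A vendor lookup is only meaningful for vendor-assigned addresses.
        "oui": octets[:3].hex(":").upper() if kind == "vendor-assigned" else None,
    }


def summarize(macs):
    """Count how many addresses fall into each class."""
    return Counter(classify_mac(m)["kind"] for m in macs)


if __name__ == "__main__":
    for mac in SAMPLE_MACS:
        print(classify_mac(mac))
    print(dict(summarize(SAMPLE_MACS)))
```

A locally-administered result means the address was chosen by software (for example the private or randomized addresses that phones and laptops can use on Wi-Fi, or virtual interfaces), so the device has to be identified by other means than the vendor prefix.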
I am usually getting one or two new devices a day joining the network. Interestingly I was just looking at the history on these and almost all of them join the network for 15 minutes, then drop off, then never come back, even if I haven't blocked them.
-
Here's a shot in the dark. I have a QNAP NAS on my network. As I looked at security issues with my network I noticed that my NAS had opened up a TCP port in my router. Surprised me so looked a little more and it appears the NAS standard setup is to make the files on your NAS available to you remotely through their QNAP Cloud. I am a little bit nerdy, but not network techy enough to understand the implications of this. Was wondering if the device connections I am seeing are coming through this open port and could be either some QNAP diagnostic or someone trying to get into my network through the QNAP cloud. If that was the case could that manifest as these random connections I am seeing?
-
Hi @Joedavis44
Can you check the time at which the random device is detected and whether, at the same time, any of your devices or the NAS was turned on, was active or came back from sleep mode? It will help to isolate if any of your devices are producing this.
Robin (Admin at Fing)
-
I’ll check the times. I have completely turned off the NAS and while this closed the Open Port the NAS was using, the devices still keep appearing, so my hope of the NAS being the problem source has been proven wrong. I believe all other devices in the house have been accounted for, so not sure what might be “waking up” to cause this.
-
Do you have any Windows laptop connected to your network or any VPN connection running on your network?
Robin (Admin at Fing)
-
Times the devices are coming on are completely random as far as I can tell. No pattern to them.
No Windows devices in my house.
My work laptop is a Mac and does have a VPN to our work network. Could that be the cause?
-
Hi @Joedavis44
I believe the VPN could be the reason for this issue. Can you try to assign a static MAC address to the VPN connection and then check if it helps? Thanks
Robin (Admin at Fing)