| Unknown computers on local network - cable isp problem? Hi All,
I work from home and I have run into an issue where there are a few 'unknown' (or, as I like to call them, 'rogue') computers showing up on my home network.
I do not believe anything malicious is occurring, but I am trying to figure out why this is happening and how to prevent it.
INFO: My ISP is a local cable company (very local, not a regional or national company), I am running windows 7 and Mac OSX, have a Belkin router (NAT), a LAN and wireless.
On both the windows and mac machines I am seeing these 'unknown' computers on the network. In windows, they appear as 'computers' when I go to Network. I see my personal computers, and then I see up to 3 other computers.
None of which are mine, and none of which have names that I have ever used for a computer that I own.
Here is a screenshot: »avatar12.com/network.jpg - in that example, Blacksmith is the 'unknown' computer. So is 'router', actually... but I am not sure if that is just my Belkin router or not.
Another computer that occasionally shows up is "grandmascomputer" - this sort of makes me think I am, for whatever reason, seeing someone else's home network.
My wireless: My wireless network is protected using WPA/WPA2-Personal (PSK).
I have changed the SSID and Passwords and have looked at my router's DHCP table and the only computers listed there are my personal computers.
I am as certain as I can be that these 'unknown' computers are not piggybacking on my wireless.
More info: I am unable to access to these computers, I am unable to ping them. I am not using a homegroup. I am not, nor have I ever, run hamachi, or any other vpn or network extending software/service.
Any ideas?
The only theory I have is that the local cable company is somehow bridging the networks of its customers and we happen to be on the same segment as these other folks. Is that possible? How could I confirm, and more importantly, how can I prevent? |
|
sk1939Premium
join:2010-10-23
Washington, DC
kudos:9 Reviews:
 ·T-Mobile US
| The only thing I can think of is that a long time ago, most cable operators didn't operate with encryption over their networks. As a result, if you didn't have a router/firewall, it was one giant metro network with everyone in the neighborhood seeing everyone else. Nowadays though, that's extremely rare. What model is your modem? |
|
 EGeezerGo CatsPremium
join:2002-08-04
Midwest
kudos:8 | reply to ADKTech
There are a lot of unknowns in the network configuration, so this is a guess.
It could be that your ISP's router has wireless enabled and you're connecting to it rather than your Belkin.
The first thing I'd do is ensure that you are connecting to your Belkin router and not the ISP's wireless. If you are, see if you can disable the ISP's wireless radio to avoid others piggybacking the connection. It's also possible that you can see other customers on the ISP's network if you're connected directly to their router and not your Belkin.
I don't know about Win7, but suspect that it has a default workgroup name, and the other PCs you see had the same default. In that case, you'd see them, but the Win7 firewall settings would prevent connection to them.
Also, I'd call the ISP to get any remaining questions answered;
»kvvi.net/contact.htm
--
Follow your dreams, except the one where you're naked in church. |
|
|
|
| Hi, thanks for the replies. Here are some answers, extra info that might help us figure this out.
- The ISP's modem does not have wireless capabilities
- I am seeing these 'unknown' computers even on a desktop computer that is directly connected to the Belkin router via ethernet (and has no wireless capabilities)
- My home workgroup has a unique name
- If I disconnect my LAN from the cable modem, I am still seeing these computers. I do not think this tells us much as I am not leaving it disconnected very long so it may just be that they are not falling from whatever cache might be holding them.
- I've done an ipconfig /flushdns |
|
| One more bit info I forgot to add...
If I change my home network ip address range - from 192.168.1.X to 192.168.2.X or something else - they still appear. |
|
sk1939Premium
join:2010-10-23
Washington, DC
kudos:9 | It means they're directly connected to your network then, rather than over the internet. Do you live in an aparement or a house? How many devices are connected to your netowork? |
|
 SnowymIRC unix.ro UnderNetPremium
join:2003-04-05
Kailua, HI
kudos:6
 ·RoadRunner Cable
·Clearwire Wireless
| reply to ADKTech
I'm not a network guy, I give EGeezer  a call to help me whenever a cable gets unplugged, but have tried accessing any of them? |
|
 NormanSPremium,MVM
join:2001-02-14
San Jose, CA
kudos:9
 ·SONIC.NET
·Pacific Bell - SBC
| reply to ADKTech
The device labeled as, "Router", is listed among the computers. I would expect a router to be listed in a different section:
My network map.
In this case, under "Network Infrastructure", are a D-Link DIR-655 ("Xtreme N GIGABIT Router"), a Netgear FR-114P ("Residential Gateway"). The latter is actually configured as a print server and switch, but is not a "gateway".
How complex is your WPA2 key? Is there any possibility that you might have a keylogger?
All devices under the "Computer" section are, in fact, computers. Somehow, the "rogues" have the ability to connect to your network.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum |
|
 MacGyverDon't Waste Your EnergyPremium,ExMod 2003-05
join:2001-10-14
Canada
kudos:1 | reply to ADKTech
Try this, it might give you some clues as to what the other devices are.
»www.softperfect.com/products/networkscanner/ |
|
 Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 | reply to ADKTech
Well my inner hacker says if the systems are on my network then they fall under my administration, plunder and pillage time 
Can you access these systems (ie try pinging them, what is their IP address). What your seeing might be a combination of issues, some of which are your ISP's problems.
Blake
Edit are you sure these aren't wifi connections? |
|
| I can not access them, I get a 'not found' error... and I can not ping them.
I'm not convinced that unplugging the cable modem gave us any useful information. The 'rogue' computers persisted through it, but I don't think I gave it enough time for them to drop from whatever cache makes them show up in that network window.
What exactly is responsible for populating that network list? DNS? ARP? NetBIOS?
Anyway, regarding a key logger, I ran safe mode Malwarebyte scans on all windows machines and they came back clean.
Just to make this case even more confuzzling... here is another bit of information for you: I live in the Mountains, in a log cabin. My nearest neighbor is not very near. In order for someone to jump on my wireless they would, more or less, need to be sitting in my driveway... or in a tent out in the woods. And for them to direct connect into my LAN they would need to be living in my crawlspace.
This is why I don't think it is a direct connection to my LAN. It could, I suppose, be remote network malware that malwarebytes didn't pick up.
But I can't shake the feeling that these are either "ghost" entries, cached over from when one of the laptops was on another network...
Or...
I am picking up computers from other customers of the cable company... maybe another house that is on the same segment?
I can't be sure, but now that I am racking my brain, I think this might have started when I recently swapped in this Belkin router. Maybe it handles NAT differently than my old router, and that is causing this? Next time I am home I can try switching them again to see what happens. |
|
| reply to ADKTech
Since you are on a cable internet, ask your isp to scan their network(your node in particular) for other users with same 'mac' address on cable modem. maybe an issue with someone on your node with same 'mac' on their cable modem or have them swap out your cable modem for another with different mac.
if you isp has accurate online bandwidth monitor, you can unplug for 24 hours and see if bandwidth usage continued.
user tools can scan the local cable network for cable modems and see whats out there.
'cable' internet is like open sewer pipe. you can potentially see neighbors crap floating by. |
|
nonymousPremium
join:2003-09-08
Glendale, AZ Reviews:
 ·Callcentric
| reply to ADKTech
said by ADKTech:I can not access them, I get a 'not found' error... and I can not ping them.
I'm not convinced that unplugging the cable modem gave us any useful information. The 'rogue' computers persisted through it, but I don't think I gave it enough time for them to drop from whatever cache makes them show up in that network window.
What exactly is responsible for populating that network list? DNS? ARP? NetBIOS?
Anyway, regarding a key logger, I ran safe mode Malwarebyte scans on all windows machines and they came back clean.
Just to make this case even more confuzzling... here is another bit of information for you: I live in the Mountains, in a log cabin. My nearest neighbor is not very near. In order for someone to jump on my wireless they would, more or less, need to be sitting in my driveway... or in a tent out in the woods. And for them to direct connect into my LAN they would need to be living in my crawlspace.
This is why I don't think it is a direct connection to my LAN. It could, I suppose, be remote network malware that malwarebytes didn't pick up.
But I can't shake the feeling that these are either "ghost" entries, cached over from when one of the laptops was on another network...
Or...
I am picking up computers from other customers of the cable company... maybe another house that is on the same segment?
I can't be sure, but now that I am racking my brain, I think this might have started when I recently swapped in this Belkin router. Maybe it handles NAT differently than my old router, and that is causing this? Next time I am home I can try switching them again to see what happens.
All is very ok. Calm down. Now have you had any help in the past? If so go back soon. If not there are many nice places that can help. Tell us in the area you live and we can find references. |
|
TheWiseGuyDog And ButterflyPremium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:2 Reviews:
·Optimum Online
1 edit | reply to ADKTech
This has nothing to do with your ISP. Change the name you gave to your workgroup, you are using the default homegroup and so are the other computers.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore. |
|
| We are not using a homegroup. Would it be possible for computers not on my LAN to show up on my LAN if were were?
Our workgroup has a unique name.
It is important to stress that I do not have neighbors. So no one is able to jump my wireless (or vice versa) or direct connect to my LAN. |
|
| reply to nonymous
Haha, am I coming off as panicked? I do not mean to. Curiosity is my motivation here. |
|
 Name GamePremium
join:2002-07-07
North Myrtle Beach, SC
kudos:7 | reply to ADKTech
On the mac machine..what kinds of software do you have installed ? Anything like this ?
»www.all-freeware.com/details/960···osx.html |
|
| The Mac is a fresh install of OSX Lion with no software additions (I dont use it much) |
|
| reply to Name Game
double post |
|
TheWiseGuyDog And ButterflyPremium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:2 Reviews:
·Optimum Online
| reply to ADKTech
Well you may want to look through
»windows.microsoft.com/en-US/wind···-Windows
and see if it helps you check your settings.
EDIT
Also check your router settings and make sure none of your computer are not set up as a server(has all ports forwarded to the computer)
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore. |
|
