dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
18031
share rss forum feed


ADKTech

@kvvi.net

Unknown computers on local network - cable isp problem?

Hi All,

I work from home and I have run into an issue where there are a few 'unknown' (or, as I like to call them, 'rogue') computers showing up on my home network.

I do not believe anything malicious is occurring, but I am trying to figure out why this is happening and how to prevent it.

INFO: My ISP is a local cable company (very local, not a regional or national company), I am running windows 7 and Mac OSX, have a Belkin router (NAT), a LAN and wireless.

On both the windows and mac machines I am seeing these 'unknown' computers on the network. In windows, they appear as 'computers' when I go to Network. I see my personal computers, and then I see up to 3 other computers.

None of which are mine, and none of which have names that I have ever used for a computer that I own.

Here is a screenshot: »avatar12.com/network.jpg - in that example, Blacksmith is the 'unknown' computer. So is 'router', actually... but I am not sure if that is just my Belkin router or not.

Another computer that occasionally shows up is "grandmascomputer" - this sort of makes me think I am, for whatever reason, seeing someone else's home network.

My wireless: My wireless network is protected using WPA/WPA2-Personal (PSK).

I have changed the SSID and Passwords and have looked at my router's DHCP table and the only computers listed there are my personal computers.

I am as certain as I can be that these 'unknown' computers are not piggybacking on my wireless.

More info: I am unable to access to these computers, I am unable to ping them. I am not using a homegroup. I am not, nor have I ever, run hamachi, or any other vpn or network extending software/service.

Any ideas?

The only theory I have is that the local cable company is somehow bridging the networks of its customers and we happen to be on the same segment as these other folks. Is that possible? How could I confirm, and more importantly, how can I prevent?


sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10
Reviews:
·T-Mobile US
·Verizon FiOS

The only thing I can think of is that a long time ago, most cable operators didn't operate with encryption over their networks. As a result, if you didn't have a router/firewall, it was one giant metro network with everyone in the neighborhood seeing everyone else. Nowadays though, that's extremely rare. What model is your modem?



EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric
reply to ADKTech

There are a lot of unknowns in the network configuration, so this is a guess.

It could be that your ISP's router has wireless enabled and you're connecting to it rather than your Belkin.

The first thing I'd do is ensure that you are connecting to your Belkin router and not the ISP's wireless. If you are, see if you can disable the ISP's wireless radio to avoid others piggybacking the connection. It's also possible that you can see other customers on the ISP's network if you're connected directly to their router and not your Belkin.

I don't know about Win7, but suspect that it has a default workgroup name, and the other PCs you see had the same default. In that case, you'd see them, but the Win7 firewall settings would prevent connection to them.

Also, I'd call the ISP to get any remaining questions answered;

»kvvi.net/contact.htm
--
Follow your dreams, except the one where you're naked in church.


ADKTech

join:2011-11-16

Hi, thanks for the replies. Here are some answers, extra info that might help us figure this out.

- The ISP's modem does not have wireless capabilities

- I am seeing these 'unknown' computers even on a desktop computer that is directly connected to the Belkin router via ethernet (and has no wireless capabilities)

- My home workgroup has a unique name

- If I disconnect my LAN from the cable modem, I am still seeing these computers. I do not think this tells us much as I am not leaving it disconnected very long so it may just be that they are not falling from whatever cache might be holding them.

- I've done an ipconfig /flushdns


ADKTech

join:2011-11-16

One more bit info I forgot to add...

If I change my home network ip address range - from 192.168.1.X to 192.168.2.X or something else - they still appear.


sk1939
Premium
join:2010-10-23
Mclean, VA
kudos:10

It means they're directly connected to your network then, rather than over the internet. Do you live in an aparement or a house? How many devices are connected to your netowork?



Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Clearwire Wireless
·Time Warner Cable
reply to ADKTech

I'm not a network guy, I give EGeezer See Profile a call to help me whenever a cable gets unplugged, but have tried accessing any of them?



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to ADKTech

The device labeled as, "Router", is listed among the computers. I would expect a router to be listed in a different section:


My network map.

In this case, under "Network Infrastructure", are a D-Link DIR-655 ("Xtreme N GIGABIT Router"), a Netgear FR-114P ("Residential Gateway"). The latter is actually configured as a print server and switch, but is not a "gateway".
How complex is your WPA2 key? Is there any possibility that you might have a keylogger?
All devices under the "Computer" section are, in fact, computers. Somehow, the "rogues" have the ability to connect to your network.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


MacGyver
Don't Waste Your Energy
Premium,ExMod 2003-05
join:2001-10-14
Canada
kudos:2
reply to ADKTech

Try this, it might give you some clues as to what the other devices are.

»www.softperfect.com/products/networkscanner/



Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
kudos:3
reply to ADKTech

Well my inner hacker says if the systems are on my network then they fall under my administration, plunder and pillage time

Can you access these systems (ie try pinging them, what is their IP address). What your seeing might be a combination of issues, some of which are your ISP's problems.

Blake
Edit are you sure these aren't wifi connections?


ADKTech

join:2011-11-16

I can not access them, I get a 'not found' error... and I can not ping them.

I'm not convinced that unplugging the cable modem gave us any useful information. The 'rogue' computers persisted through it, but I don't think I gave it enough time for them to drop from whatever cache makes them show up in that network window.

What exactly is responsible for populating that network list? DNS? ARP? NetBIOS?

Anyway, regarding a key logger, I ran safe mode Malwarebyte scans on all windows machines and they came back clean.

Just to make this case even more confuzzling... here is another bit of information for you: I live in the Mountains, in a log cabin. My nearest neighbor is not very near. In order for someone to jump on my wireless they would, more or less, need to be sitting in my driveway... or in a tent out in the woods. And for them to direct connect into my LAN they would need to be living in my crawlspace.

This is why I don't think it is a direct connection to my LAN. It could, I suppose, be remote network malware that malwarebytes didn't pick up.

But I can't shake the feeling that these are either "ghost" entries, cached over from when one of the laptops was on another network...

Or...

I am picking up computers from other customers of the cable company... maybe another house that is on the same segment?

I can't be sure, but now that I am racking my brain, I think this might have started when I recently swapped in this Belkin router. Maybe it handles NAT differently than my old router, and that is causing this? Next time I am home I can try switching them again to see what happens.



bustedyet

@telus.net
reply to ADKTech

Since you are on a cable internet, ask your isp to scan their network(your node in particular) for other users with same 'mac' address on cable modem. maybe an issue with someone on your node with same 'mac' on their cable modem or have them swap out your cable modem for another with different mac.
if you isp has accurate online bandwidth monitor, you can unplug for 24 hours and see if bandwidth usage continued.
user tools can scan the local cable network for cable modems and see whats out there.
'cable' internet is like open sewer pipe. you can potentially see neighbors crap floating by.


nonymous
Premium
join:2003-09-08
Glendale, AZ
reply to ADKTech

said by ADKTech:

I can not access them, I get a 'not found' error... and I can not ping them.

I'm not convinced that unplugging the cable modem gave us any useful information. The 'rogue' computers persisted through it, but I don't think I gave it enough time for them to drop from whatever cache makes them show up in that network window.

What exactly is responsible for populating that network list? DNS? ARP? NetBIOS?

Anyway, regarding a key logger, I ran safe mode Malwarebyte scans on all windows machines and they came back clean.

Just to make this case even more confuzzling... here is another bit of information for you: I live in the Mountains, in a log cabin. My nearest neighbor is not very near. In order for someone to jump on my wireless they would, more or less, need to be sitting in my driveway... or in a tent out in the woods. And for them to direct connect into my LAN they would need to be living in my crawlspace.

This is why I don't think it is a direct connection to my LAN. It could, I suppose, be remote network malware that malwarebytes didn't pick up.

But I can't shake the feeling that these are either "ghost" entries, cached over from when one of the laptops was on another network...

Or...

I am picking up computers from other customers of the cable company... maybe another house that is on the same segment?

I can't be sure, but now that I am racking my brain, I think this might have started when I recently swapped in this Belkin router. Maybe it handles NAT differently than my old router, and that is causing this? Next time I am home I can try switching them again to see what happens.

All is very ok. Calm down. Now have you had any help in the past? If so go back soon. If not there are many nice places that can help. Tell us in the area you live and we can find references.

TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3
Reviews:
·Optimum Online

1 edit

1 recommendation

reply to ADKTech

This has nothing to do with your ISP. Change the name you gave to your workgroup, you are using the default homegroup and so are the other computers.
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.


ADKTech

join:2011-11-16

We are not using a homegroup. Would it be possible for computers not on my LAN to show up on my LAN if were were?

Our workgroup has a unique name.

It is important to stress that I do not have neighbors. So no one is able to jump my wireless (or vice versa) or direct connect to my LAN.


ADKTech

join:2011-11-16
reply to nonymous

said by nonymous:

Calm down

Haha, am I coming off as panicked? I do not mean to. Curiosity is my motivation here.


Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to ADKTech

On the mac machine..what kinds of software do you have installed ? Anything like this ?
»www.all-freeware.com/details/960···osx.html


ADKTech

join:2011-11-16

said by Name Game:

On the mac machine..what kinds of software do you have installed ? Anything like this ?
»www.all-freeware.com/details/960···osx.html

The Mac is a fresh install of OSX Lion with no software additions (I dont use it much)

ADKTech

join:2011-11-16
reply to Name Game

double post


TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
East Stroudsburg, PA
kudos:3
Reviews:
·Optimum Online
reply to ADKTech

Well you may want to look through

»windows.microsoft.com/en-US/wind···-Windows

and see if it helps you check your settings.

EDIT
Also check your router settings and make sure none of your computer are not set up as a server(has all ports forwarded to the computer)
--
Warning, If you post nonsense and use misinformation and are here to argue based on those methods, you will be put on ignore.


towerdave

join:2002-01-16
O Fallon, IL
reply to ADKTech

ADKTech,

Do you have any other devices in your home that use wireless, like phones, game consoles, tvs, etc? They could be showing up in there. Although the names indicate they are actual PCs. Hmmm.

And an unrelated question, ADK, are you in the 'dacks? That's where I grew up. Right in the middle.

TD



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7

1 recommendation

reply to ADKTech

I notice in your screenshot you have your belkin as a media device in this Network and Sharing Center for the Win7 PC. I have no idea what is the primary use of your setup or what type of usb devices you have plugged into the PC in the past or currently..but I would start from scratch in Understanding the Network and Sharing Center for win7 and that might give you some clues why you are seeing Blacksmith.

Network and Sharing Center

»www.windows7library.com/blog/sec···-center/

How to Change Windows 7 Homegroup File and Folder Sharing Settings

»www.sevenforums.com/tutorials/44···ngs.html

»www.sevenforums.com/network-shar···ork.html

»windows.microsoft.com/en-US/wind···easy-way

You should be able to take the following steps to enable media sharing between your PS3 and Windows 7 OS:

Go to Control Panel > Network and Sharing Center > Change Advance Sharing Settings

Then you need to make sure:
- Network Discovery is ON
- File & Printer Sharing is ON

After that click on Media Streaming options

On the Show devices drop bar, select All Networks
You should see some Unknown device/devices.
Double-click each Unknown device to see the MAC address of the device

»www.sevenforums.com/tutorials/13···off.html
--
Gladiator Security Forum
»www.gladiator-antivirus.com/


aannoonn

@151.190.0.x
reply to ADKTech

Wow, Keene Valley. I used to spend my winters near there, going bobsledding. Would go to Purdy's in Keene for lunch every day. I was a member of the Hurricane Bobsled Club.


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

2 recommendations

reply to ADKTech

said by ADKTech:

What exactly is responsible for populating that network list? DNS? ARP? NetBIOS?

I believe it's the browser service (this term was claimed before we had 'web browsers') and unless you have some device operating a WINS (Windows networking name service) server, it's operating by Netbios broadcasts.

On the other hand, I haven't kept up with the ever-more-complicated mechanisms that get added for network device discovery, and it's possible that the list is augmented by something like UPnP.

Try this experiment: open up a command prompt window and type net view. Is the list of computers the same as you see in the GUI?

ADKTech

join:2011-11-16
reply to Name Game

said by Name Game:

I notice in your screenshot you have your belkin as a media device in this Network and Sharing Center for the Win7 PC.

As best as I can tell, that was just the way the new Belkin N750 set itself up by default.

My understanding is that some new routers come with media capabilities, such as allowing you to share usb drives and printers, etc. I suspect this is just part of that.

In any event, I have no internet devices in the home that would take advantages of those services, or try to connect to them. No ps3, no xbox, no media streaming devices, or usb drives, etc.


coldmoon
Premium
join:2002-02-04
Broadway, NC
Reviews:
·Windstream

quote:
In any event, I have no internet devices in the home that would take advantages of those services, or try to connect to them. No ps3, no xbox, no media streaming devices, or usb drives, etc.
What about cable/sat TV DVR's, cell phone boosters like Sprint's airave, etc?
--
Returnil - 21st Century body armor for your PC

ADKTech

join:2011-11-16
reply to ADKTech

Ok, in an attempt to help us - and to avoid more complicated discussions related to network setup - I've broken this down to as simple a network as I can right now.

Cable modem > Belkin Router > 1 windows 7 laptop.

Last night I took all other computers off the network and they are powered down. There are no other internet connected devices in the home. We dont have an xbox or ps3 or media streaming device or anything else.

The Belkin's DHCP table shows only one client - the one remaining laptop.

Now, when I open up the network window on this last remaining laptop, I see 5 computers.

The 5 computers are: Itself, my desktop computer (which has been powered down for almost 18 hours now), something called "router", "grandmascompute", and "LanaHP".

That last one is new, it is not one I've seen there before... so new devices are still populating there somehow.


ADKTech

join:2011-11-16
reply to coldmoon

said by coldmoon:

What about cable/sat TV DVR's, cell phone boosters like Sprint's airave, etc?

Nope, nothing like that.

towerdave

join:2002-01-16
O Fallon, IL
reply to ADKTech

If you ping those names in a Command window, do they resolve to an IP address? Do the IPs fall in the same subnet as yours? (are the first 3 numbers the same)

TD


ADKTech

join:2011-11-16

said by towerdave:

If you ping those names in a Command window, do they resolve to an IP address? Do the IPs fall in the same subnet as yours? (are the first 3 numbers the same)

TD

I am unable to ping or connect to them.