Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | (show all)   Print Thread
Standard User longedge
(committed) Thu 28-Dec-17 13:58:07
Print Post

Unrecognised network infrastructure device.


[link to this post]
 
I'm looking for advice on what to do about a device that I see listed under Infrastructure Devices on my network when I look in Windows Explorer. I can't identify it and wonder if my system is compromised in some way. A few days ago I had a series of several mobile phones and an Amazon tablet appear and then disappear again. When I view the properties I see:-

Device details
Manufacturer Mini-Router
Model RTL8xxx
Model Number EV-20 10-09-20
Serial Number 123456789012347
MAC Address 0e:41:58:00:99:3c

I have got a WD MyCloud NAS, 2 x security cameras, Sky Box, Sony Smart TV, HP Printer, iPhone, iPad and my desktop PC connected at various times. I have 2 x TP link switches each connected directly to the router.

The iPhone, iPad and PC are connected by Wi-Fi on 5GHz and my router 2.4GHz is disabled. I've setup MAC filtering to allow only those 3 devices to connect. I've also changed my Wi-Fi password.

Has anybody got any idea what the unknown device might be and what I should do about it?

p.s. I should add that my router is a Netgear R6250 (802.11ac Dual Band Gigabit)

Edited by longedge (Thu 28-Dec-17 14:01:03)

Standard User ian72
(eat-sleep-adslguide) Thu 28-Dec-17 14:15:16
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
That's a Realtek wireless lan adapter. What wifi adapter does your desktop have?
Standard User longedge
(committed) Thu 28-Dec-17 14:21:34
Print Post

Re: Unrecognised network infrastructure device.


[re: ian72] [link to this post]
 
Thanks for the speedy reply.

My PC wireless adapter is shown in device manager as "Qualcomm Atheros AR938x".


Register (or login) on our website and you will not see this ad.

Standard User ian72
(eat-sleep-adslguide) Thu 28-Dec-17 14:39:00
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
There appears to be a wireless adapter in something on your network that is a realtek. The PC doesn't by any chance have an old inbuilt wireless adapter that you aren't using does it? Or perhaps one of your neighbours knows your wifi password and is accessing your Internet?
Standard User longedge
(committed) Thu 28-Dec-17 14:50:21
Print Post

Re: Unrecognised network infrastructure device.


[re: ian72] [link to this post]
 
I wsas thinking along those lines which is why I changed my wireless password. However, my router doesn't show it as a connected device.

I think my next step is going to be finding a lead long enough to connect my PC by ethernet and disabling wireless altogether and then see if it re-appears.

Standard User MCM
(knowledge is power) Thu 28-Dec-17 14:59:29
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
This appears to be a feature of Windows 10 and perhaps 8, in that Windows Explorer reports wireless devices that aren't actually connected to your network. For example I frequently notice phones being listed in Windows Explorer when running Win 10 with a wireless connection that are not connected to my network/WAP/switches nor seen by Win 7.
Standard User longedge
(committed) Thu 28-Dec-17 15:20:27
Print Post

Re: Unrecognised network infrastructure device.


[re: MCM] [link to this post]
 
The thing is that it keeps disappearing and then re-appearing. I just checked again and it was gone. I refreshed the view 5 mins later and it was back.

Standard User 10forcash
(member) Fri 29-Dec-17 07:41:57
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Download and run Netscan, if the device has an IP address on your LAN, you have a problem. How are your security cameras connected? Generally, domestic variants are easily hackable.
Standard User caffn8me
(eat-sleep-adslguide) Fri 29-Dec-17 10:05:30
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Disable WPS on your wireless router. This may be a sign of a WPS attack tool. Also make sure that you're running the very latest firmware as the R2650 has had a number of serious vulnerabilities.

The fact you're seem to be seeing other devices connecting suggests that one of your neighbours is using your wifi.

I'd suspect that the device you keep seeing is the device trying to brute force attack your WPS pin number and, once cracked, this can be used by other devices such as the Amazon tablet and mobile phones you saw previously.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs

Edited by caffn8me (Fri 29-Dec-17 10:17:08)

Standard User longedge
(committed) Fri 29-Dec-17 12:32:10
Print Post

Re: Unrecognised network infrastructure device.


[re: caffn8me] [link to this post]
 
That was pretty much the conclusion that I came to (PixieDust). I haven't seen the device yet today. I'm waiting for delivery of a 5metre cable and as soon as it arrives I can connect my PC and then I'm going to switch wireless off altogether for a few days. Everything on my network will then be hard wired except my iPhone and iPad and I can manage without them being connected.

p.s. I have updated my router with the latest beta security patch.

Edited by longedge (Fri 29-Dec-17 12:33:33)

Standard User ukhardy07
(knowledge is power) Fri 29-Dec-17 12:49:14
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
I actually break into WiFi networks as part of my job, there's two routes in:
1. WPS flaws, although most devices now have WPS locking after 3 failed attempts (this can be bypassed with skill). It is always good practice to disable WPS.
You can see the attack here: https://www.youtube.com/watch?v=knllpZF508k
2. Capture the WPA-2 handshake as you connect in. This can be cracked offline.
To mitigate against number 2, use a long password, say 30+ characters which does not resemble dictionary / easy to remember words. Ensure you are only using WPA-2 not WPA/WPA2 mixed mode, or worse WPS.
You can see the attack here: https://www.youtube.com/watch?v=1HcA17huGBc

Number 2 takes time, but you can speed things up by using logic. Take the latest BT SmartHub, we see an SSID: BTHub6-XXXX and we know the passwords are always 10 characters in length by default. So we only try out 10 digit passwords on this SSID.
Standard User ukhardy07
(knowledge is power) Fri 29-Dec-17 12:59:18
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Device details
Manufacturer Mini-Router
Model RTL8xxx - looks to be realtek, these work on wifi attacks.
Model Number EV-20 10-09-20
Serial Number 123456789012347
MAC Address 0e:41:58:00:99:3c - This MAC does not belong to a vendor, which suggests it is being spoofed or faked, to try and hide the real devices identity. This is highly suspect. I would have expected to see a Realtek MAC given the details.

If you google the Serial Number: 123456789012347 it brings you right over to some common WPS exploits. https://forums.kali.org/showthread.php?25018-Pixiewp...

In your shoes I would do the following:
1. Reset router to factory settings
2. Change WiFi password to 30+ random password
3. Disable WPS entirely.

I have mentioned number 1, factory settings, as often times once in the attacker setups up remote access to the router interface, so they can get right back in through their backdoor and view the new WiFi password / make changes still.

Edited by ukhardy07 (Fri 29-Dec-17 13:01:46)

Standard User longedge
(committed) Fri 29-Dec-17 17:12:52
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
The device hasn't appeared in Windows Explorer at all today. However, although the router doesn't show the IP in the list of attached devices Netscan ping scan shows 192.168.1.13 as responding.

At the moment I'm wary of doing a factory reset because I can only connect to the router with my PC over wi-fi so I think I'll just switch everything off in a while until I've got my cable.

p.s.- Is a factory reset sure to get rid of the problem?

Edited by longedge (Fri 29-Dec-17 21:17:34)

Standard User ukhardy07
(knowledge is power) Sat 30-Dec-17 11:37:43
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Factory reset + disable WPS + new password should resolve everything yes.

On your router, does it have the default WIFI name and Password written on the device? Netgears usually do. If you reset, you can connect over this on WiFi.

Then login to the router, disable WPS, assign a long password, and fix to WPA2.

Run a nmap against 192.168.1.13. For windows use zenmap https://nmap.org/zenmap/
What ports are open? It may give you an idea what the device is.

With these things, there is a sense of urgency, from the perspective you are liable for what is done on your home network, ie the user browses child pornography you will be arrested as it's your name on the bill. Likewise if they download illegal content e.g. copy-write material, it will comeback to you. I'd get on it right away.

ps don't bother with MAC address filtering, it does nothing for security and can be bypassed in a second. It just gives you a headache managing something that doesn't benefit you anyway.

Edited by ukhardy07 (Sat 30-Dec-17 11:40:30)

Standard User longedge
(committed) Sat 30-Dec-17 13:29:04
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
It took about a dozen attempts to reset the router and didn't work until I had unplugged everything but the power. I think there's still something 'funny' going on because at the moment netscan has revealed 192.168.1.3 answering. I can ping it but when I do, Wireshark doesn't show any activity.

Also, after I set the router up again, the SSID and password kept changing. I'm sure "royaltomato984" isn't a default password! I have now got my own SSID and password to stick.

I'll have to give it a rest now coz I'm boggle eyed trying to watch all the network activity.

I've had it in mind for a while to buy a new router so I think the R6250 might be going in my spares bin.

Standard User longedge
(committed) Sat 30-Dec-17 17:05:06
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
Nmap reports open ports on the IP that is now the 'hidden one' 192.168.1.3 :-
Discovered open port 554/tcp on 192.168.1.3
Discovered open port 445/tcp on 192.168.1.3
Discovered open port 135/tcp on 192.168.1.3
Discovered open port 2869/tcp on 192.168.1.3
Discovered open port 10243/tcp on 192.168.1.3
Discovered open port 5357/tcp on 192.168.1.3

However I've just run a scan for my external IP for all service ports on GRC.com and that came back all stealth.

Not quite sure where to go from here.

Standard User ukhardy07
(knowledge is power) Sat 30-Dec-17 18:19:43
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Port 445 is the Windows SMB port, so that tells you a Windows device is connected here.

You sure this isnít one of your own devices?

RE the default passwords, vendors moved away from default easy to guess passwords to more complicated random ones, so that could be the PW.
Standard User longedge
(committed) Sat 30-Dec-17 20:53:06
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
I've just come home and switched on to find the unexplained IP has disappeared BUT a few minutes ago a Mobile Phone was showing -

X6069_CUBOT_5365U
Manufacturer Cubot
Model number Cubot Max
MAC 7c:b9:60:02:0d:ae (appears to be a Chinese Co. vendor code)

I switched wireless off and it has disappeared again.

A range scan with Netscan is only showing IP addresses that I can account for (Router, PC and NAS).

Standard User 10forcash
(member) Sat 30-Dec-17 22:19:06
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
You've still not said how your IP camera's are connected...
How did you find the 'royaltomato984' password?
Standard User ukhardy07
(knowledge is power) Sun 31-Dec-17 00:18:20
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
...Typical they have a budget Chinese mobile phone.

Are you sure WPS is turned off? On both 2.4 and 5ghz?

WiFi is so cheap in this country, it's mad to think they're going to all this hassle. Mobile phones have small antennas, it's unlikely to be much further from one of the neighbours, where is your router in the home? 5Ghz barely covers a normal sized house, let alone going beyond many of the neighbours.

Do you have ANY powerline plugs in the home? Any WiFi extenders? Anything other than the main router?

Who is your ISP? E.g. if you have BT, their SmartHub has protection against these WPS attacks out of the box. It's also fairly good WiFi (AC2600 which is better than the netgear) and might be an option to get something cheap and quick.

Steps to try:
1. Check WPS is fully disabled
2. Check any remote management is disabled
3. Ensure no homeplugs are connected - these can connect to neighbours home wiring. It wouldn't be the first the the neighbours have a powerline WiFi extender, which routes back to next door, so whilst they see they're connecting to their home SSID they're getting an IP to next doors router.
4. Update to latest firmware for the router
5. For any wifi extenders ensure WPS is turned off here also
6. Use a long complex password
7. Use WPA2 only

Edited by ukhardy07 (Sun 31-Dec-17 00:37:34)

Standard User longedge
(committed) Sun 31-Dec-17 10:10:45
Print Post

Re: Unrecognised network infrastructure device.


[re: 10forcash] [link to this post]
 
Both cameras were connected by ethernet.

After finally managing to do a factory reset on my router, the default router login was the standard Netgear admin/password which was the first thing I changed. Logged back in and then went to wireless setup and that was the wi-fi password. I changed the SSID and the password. But had to do it a coupld of times before it stuck.

Standard User longedge
(committed) Sun 31-Dec-17 10:23:06
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
I've got all those bases covered I think. Wireless turned off, both 2.4 and 5GHz and WPS is switched off. Remote management on router is disabled. No powerline extenders, they don't work for me so I ran cabling all over the house some time ago. There was a recent Beta Security update from Netgear which I've installed. 40 digit wifi password for occasional use (when I need to download the next book to my iPhone and briefly switch wifi on).

No sign of any intrusion this morning and no IP's unnacounted for so for the time being all seems OK.

Standard User ukhardy07
(knowledge is power) Sun 31-Dec-17 13:21:28
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Iíd say keep the WiFi on all the time, just change the password periodically eg every 60 days.

The WiFi password sounds about right to me, my netgear had a similar odd password.

Hopefully itís all resolved now!

FYI, something amusing, Sky Qs system breaks if you turn off WPS! All the TV boxes disconnect.
Standard User longedge
(committed) Sun 31-Dec-17 14:04:49
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
In reply to a post by ukhardy07:
Iíd say keep the WiFi on all the time, just change the password periodically eg every 60 days.


Looks like I'll have to do that. I can turn wifi off on the router admin page from my PC but if I re-enable it I have to do it by pressing the sbutton on the router even though the admin page claims wifi is on, it doesn't actually come on until it's done manually. The router is in the loft and it's a bit of a trek so, yes it's on permanently now and all is looking good - fingers crossed.

I'm looking into re-connecting my cameras in due course after a factory reset and when I've got a definitive answer on how to disable them having any access to the internet at all.

Thanks for all the guidance and HAPPY NEW YEAR to all.

Standard User longedge
(committed) Mon 01-Jan-18 00:55:18
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
So I was overoptimistic! 2 x phones appeared again today and when I switched wireless off and did some digging there was a hidden IP which appeared to belong to nginx.com. My conclusion is that either there is a persistent infection on the router that has withstood the factory reset or there is something on my PC that is re-instating access to the router.

I have Malwarebytes Premium and have scanned my PC with it over and above the daily scan and realtime protection and also scanned with Avira both of which came up negative. Should I run something else?

I think I'll be off to Maplins/Currys in the morning to look at routers - I've always had Netgear but perhaps I should look at another make - any suggestions? I'm worried about connecting withanother router and simply transferring the 'back door'.

Standard User micksharpe
(legend) Mon 01-Jan-18 02:20:14
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Nginx is a web server, and will provide a route for someone to access your machine using a web browser. If you connect to http://localhost, you may well get a web page. Note that Nginx may be using a non-standard TCP/IP port, in which case you will need to append the port number to the URL (e.g. http://localhost:8080). Nginx is probably running as a Windows service with admin privileges. You should be able to disable the service from the control panel, although there is nothing to stop some other bit of malware from re-enabling it. You need to find out where nginx.com is located on your disk drive. Deleting it (or re-naming it) may well solve your problem (unless some other program is waiting for such an event to re-install it). Obviously, the best course of action is to find out what software installed and activated Nginx in the first place. Have you installed any software that provides a web interface? There is the possibility that Nginx is running legitimately and is not the cause of your problem, but some software my be using an infected version.

Edit:

Nginx is a know attack vector, and since it is a legitimate program (and may not contain a virus), it will be ignored by anti-virus programs. However, it can still be used by remote scripts to access your computer. Google Nginx Virus for more information.

'Sir, please,' she said ... 'Will you not share your wisdom with us?'
'I have no wisdom,' he told her.
'Your experiences, then?'
'They have been trivial, uninteresting, and full of error.'
Iain M. Banks -- Feersum Endjinn

Edited by micksharpe (Mon 01-Jan-18 02:59:00)

Standard User longedge
(committed) Mon 01-Jan-18 09:32:42
Print Post

Re: Unrecognised network infrastructure device.


[re: micksharpe] [link to this post]
 
For now I'm leaving wireless disabled. Since this has virtually no impact on me I'll leave it like that and keep watching. I can download audiobooks to my PC and if I work out how to transfer them to my iPhone via the 'lightning' lead I won't need wifi at all.

I've done wildcard varied searches of my PC for "Nginx" but found nothing. Nothing like that in services either running or stopped and my hosts file is just as it comes with Windows.

Just noticed that my BQM shows about 15 minutes or so yesterday evening where my router started answering pings. I guess that's when 'they' managed to get onto my network,

My router log shows scans interpreted as a DOS Attack at 7:34 this morning from 60.191.186.103 (Hangzhou original technology co., LTD).

Edited by longedge (Mon 01-Jan-18 09:53:28)

Standard User ukhardy07
(knowledge is power) Mon 01-Jan-18 10:01:41
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
We need to get to the route of the problem.
Who is your ISP and do you have a device provided by them you can test for a day or two?
Are you London based? I would happily say hello and try to help.

Iíve helped a few large scale firms after compromises, I think were missing something here, possibly quite obvious.

Edited by ukhardy07 (Mon 01-Jan-18 10:02:51)

Standard User MCM
(knowledge is power) Mon 01-Jan-18 10:32:50
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
I think Windows 10 may be a factor here. Are these external devices seen by devices on your LAN other than in Windows Explorer on a wireless enabled PC/tablet running Windows 10? For example does the router see/report these external devices?
Standard User longedge
(committed) Mon 01-Jan-18 11:15:46
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
Firstly thanks for the offer but I'm oopNorth in Derbyshire.

I'm with PlusNet and I did have a router from them but after turning everything upside down I can't find it 8^( I've been with them for quite a few years now and I have a fixed IP which I've never really had a use for, apart from my BQM. I was wondering whether it's worth keeping.

I keep saying I'm going to buy a new router but as I also said, I don't want to do that only to find myself in the same situation again.

Standard User longedge
(committed) Mon 01-Jan-18 11:28:03
Print Post

Re: Unrecognised network infrastructure device.


[re: MCM] [link to this post]
 
Well - the pattern seems to be that I see the phones in Windows Explorer but they're only there for a while and then disappear. They never as far as I know, appear as attached devices in the router admin page. Neither is there a trace there of the hidden IP's when I have found them with Netscan.

Although I previously used my PC on wifi, it's now connected by ethernet.

It does seem as if things only go awry if I enable wireless. So my answer for now is to keep it disabled.

Standard User ukhardy07
(knowledge is power) Mon 01-Jan-18 12:09:29
Print Post

Re: Unrecognised network infrastructure device.


[re: MCM] [link to this post]
 
It could be windows 10 but thatís not explaining why they donít show when the WiFi is turned off.

Itís also not justifying the open ports including the windows SMB port found when an nmap was run against one of these mystery devices.

If it was the OS playing some weird magic youíd expect nmap to show the host as down and no open ports and services.
Standard User robertcrowther
(member) Mon 01-Jan-18 13:12:04
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
I have seen something similar to this issue when people use their laptops on trains and Windows 10 shows devices that aren't connected. The solution to that issue is to make sure network device discovery is turn off and make sure you don't have any Bluetooth enabled on your computer if you aren't using it.
Standard User 69bertie
(member) Mon 01-Jan-18 13:51:04
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
It doesn't cost you any additional money to have a fixed IP with Plusnet (it's a one time payment - £5 comes to mind).

Standard User 69bertie
(member) Mon 01-Jan-18 14:04:46
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Just wondered, as this seems to be a Windows Explorer thing, if this actually means you have access to them and not the other way around. Are you just picking up the SSID or something similar, maybe bluetooth connected, ready for pairing? I do know that Windows 10 seems to display far more info than my Windows 8.1 machine. SSID's, for instance, the number of networks displayed on my Windows 10 is 11, with Windows 8.1, I only get shown 5. Just a thought.

It's been a nice read though, thanks to ukhardy07, as I never gave it a thought about turning WPS back off after I'd finished using it.

Standard User longedge
(committed) Mon 01-Jan-18 14:31:33
Print Post

Re: Unrecognised network infrastructure device.


[re: 69bertie] [link to this post]
 
In reply to a post by 69bertie:
It doesn't cost you any additional money to have a fixed IP with Plusnet (it's a one time payment - £5 comes to mind).


I got one years ago when they were free. Just a tick box when signing up. I'm wondering whether to get shut and not whether to get one 8^)

I do have a BT dongle for my PC but I don't keep it connected and rarely use it. SInce my PC has no BT connectivity I think I can rule that one out.

Some confusion about networks as well I think. I think you may be talking about available networks that you see. I'm talking about my own LAN - as the man said "there can be only one" 8^)

Edited by longedge (Mon 01-Jan-18 15:29:53)

Standard User MCM
(knowledge is power) Mon 01-Jan-18 16:59:49
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
As I think I suggested some days ago this appears to be a feature of Windows 10 when Wi-Fi is enabled and AFAIK has nothing to do with the router. I think, and perhaps grasping now at straws, it is something to do with Win 10 allowing users to link directly with other users point to point or be a wireless hot spot. I think it's all down to the virtual Wi-Fi adapter with systems running Win 10 being able to become a software-based wireless access point
Standard User robertcrowther
(member) Mon 01-Jan-18 17:57:47
Print Post

Re: Unrecognised network infrastructure device.


[re: MCM] [link to this post]
 
Until Windows 8 came out ad-hoc mode was dealt with by the device driver. Windows 10 does not need the driver to use ad-hoc mode anymore and by just disabling a few services this can be disabled very easily.
Standard User MCM
(knowledge is power) Mon 01-Jan-18 18:10:01
Print Post

Re: Unrecognised network infrastructure device.


[re: robertcrowther] [link to this post]
 
Indeed and is what I do on my machines that run Win 10 and have Wi-Fi. I'm just a little surprised that this Win 10 feature isn't better known and therefore this thread.
Standard User micksharpe
(legend) Mon 01-Jan-18 20:03:36
Print Post

Re: Unrecognised network infrastructure device.


[re: MCM] [link to this post]
 
I must admit that I have seen unknown devices connected to my router with Wi-Fi enabled (which is why I currently have it disabled).

'Sir, please,' she said ... 'Will you not share your wisdom with us?'
'I have no wisdom,' he told her.
'Your experiences, then?'
'They have been trivial, uninteresting, and full of error.'
Iain M. Banks -- Feersum Endjinn
Standard User longedge
(committed) Mon 01-Jan-18 20:27:54
Print Post

Re: Unrecognised network infrastructure device.


[re: MCM] [link to this post]
 
In my case, my PC is connected via ethernet. The PC wireless adapter is disabled. If I enable wireless on my router, that's when the strangers start appearing. Are you saying that Win10 could be creating an ad hoc wifi network on my router?

Standard User caffn8me
(eat-sleep-adslguide) Mon 01-Jan-18 20:29:45
Print Post

Re: Unrecognised network infrastructure device.


[re: micksharpe] [link to this post]
 
This is obviously a bit of a sledgehammer approach, but I'm currently testing both a Fingbox and Domotz Pro.

The Fingbox is more suitable for a domestic situation and can send realtime email and phone app alerts whenever a new device connects to your network - either by wifi or ethernet. You can also block devices which suddenly appear using the phone app at the touch of a button - without having to configure anything on the router.

A rather interesting feature called DigitalFenceô shows nearby wifi devices even if they aren't connecting to your wifi router and you can set up alerts when specific wifi devices come within range. The app gives you details about the device, the signal strength and the name of the wifi network it connects to.

I can now tell you that one of my neigbours in particular runs a Sonos Play:1, a Netgear ReadyNAS, a Sony television and an iPhone connected to their network. Another has an LG smart TV. These aren't devices functioning as access points but clients on other networks.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User robertcrowther
(member) Mon 01-Jan-18 20:34:00
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
In reply to a post by longedge:
In my case, my PC is connected via ethernet. The PC wireless adapter is disabled. If I enable wireless on my router, that's when the strangers start appearing. Are you saying that Win10 could be creating an ad hoc wifi network on my router?


It's not creating anything on the router, it's just showing that there are other devices near to you that you can connect to
Standard User micksharpe
(legend) Mon 01-Jan-18 20:44:13
Print Post

Re: Unrecognised network infrastructure device.


[re: robertcrowther] [link to this post]
 
In reply to a post by robertcrowther:
In reply to a post by longedge:
In my case, my PC is connected via ethernet. The PC wireless adapter is disabled. If I enable wireless on my router, that's when the strangers start appearing. Are you saying that Win10 could be creating an ad hoc wifi network on my router?


It's not creating anything on the router, it's just showing that there are other devices near to you that you can connect to
So why do they show up on the attached devices menu?

'Sir, please,' she said ... 'Will you not share your wisdom with us?'
'I have no wisdom,' he told her.
'Your experiences, then?'
'They have been trivial, uninteresting, and full of error.'
Iain M. Banks -- Feersum Endjinn
Standard User craski
(committed) Mon 01-Jan-18 21:00:45
Print Post

Re: Unrecognised network infrastructure device.


[re: caffn8me] [link to this post]
 
I watched a review of the fingbox on YouTube, quite an interesting approach, not sure Iíd want to plug one into my own network though.
https://m.youtube.com/watch?v=4Hc3YGsaW8U

Zen Business FTTC BQM
Talk Talk Business FTTC BQM
IDNET ADSL BQM
Standard User caffn8me
(eat-sleep-adslguide) Mon 01-Jan-18 21:18:20
Print Post

Re: Unrecognised network infrastructure device.


[re: craski] [link to this post]
 
I have multiple subnets and VLANs on my network, and an enterprise grade firewall. It can't see anything particularly sensitive on my network. I did read through the privacy policy before I installed it and nothing particularly stood out as being a problem. It's also not done anything to upset my firewall so far.

I've disabled access to location and phone contacts and haven't set up any users. It still gives me all the functionality I need. The wifi bandwidth monitor looks like it's going to be particularly useful for doing wifi surveys.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User ukhardy07
(knowledge is power) Mon 01-Jan-18 22:09:51
Print Post

Re: Unrecognised network infrastructure device.


[re: robertcrowther] [link to this post]
 
In reply to a post by robertcrowther:
In reply to a post by longedge:
In my case, my PC is connected via ethernet. The PC wireless adapter is disabled. If I enable wireless on my router, that's when the strangers start appearing. Are you saying that Win10 could be creating an ad hoc wifi network on my router?


It's not creating anything on the router, it's just showing that there are other devices near to you that you can connect to


Can we take a step back. These devices unknown have a local IP, eg one earlier was 192.168.1.3 and open ports. A device not connected to the WiFi or Ethernet does not get an IP allocated over DHCP, nor can it have any open ports or services if itís not connected.

Earlier we had:

Nmap reports open ports on the IP:
Discovered open port 554/tcp on 192.168.1.3
Discovered open port 445/tcp on 192.168.1.3
Discovered open port 135/tcp on 192.168.1.3
Discovered open port 2869/tcp on 192.168.1.3
Discovered open port 10243/tcp on 192.168.1.3
Discovered open port 5357/tcp on 192.168.1.3

In the event this device was not on the network you would see host is down and no open ports and services, irrespective of Windows 10.

Edited by ukhardy07 (Mon 01-Jan-18 22:12:34)

Standard User ukhardy07
(knowledge is power) Mon 01-Jan-18 22:11:42
Print Post

Re: Unrecognised network infrastructure device.


[re: robertcrowther] [link to this post]
 
In reply to a post by robertcrowther:
In reply to a post by longedge:
In my case, my PC is connected via ethernet. The PC wireless adapter is disabled. If I enable wireless on my router, that's when the strangers start appearing. Are you saying that Win10 could be creating an ad hoc wifi network on my router?


It's not creating anything on the router, it's just showing that there are other devices near to you that you can connect to


You miss a key point, his router is allocating these devices local IPs over his routers DHCP.
Standard User MCM
(knowledge is power) Tue 02-Jan-18 01:08:36
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
You miss a key point, his router is allocating these devices local IPs over his routers DHCP.
As maybe but does this happen when the machine running Win 10 is switched off and using a device running Android, iOS or Linux to look at the router or perhaps an older version of Windows such as Win 7. I feel the OP needs to eliminate the possibility of this being a Win 10 induced phenomenon.
Standard User ukhardy07
(knowledge is power) Tue 02-Jan-18 08:44:28
Print Post

Re: Unrecognised network infrastructure device.


[re: MCM] [link to this post]
 
In reply to a post by MCM:
You miss a key point, his router is allocating these devices local IPs over his routers DHCP.
As maybe but does this happen when the machine running Win 10 is switched off and using a device running Android, iOS or Linux to look at the router or perhaps an older version of Windows such as Win 7. I feel the OP needs to eliminate the possibility of this being a Win 10 induced phenomenon.
I donít understand how it could be? Are you suggesting Windows 10 is allowing a bunch of neighbour devices onto the network including additional windows devices, mobiles etc?

It simply doesnít work like that... The router only allocates IP addresses to devices connected via Ethernet or WiFi, thereís no magic that causes windows 10 to provide neighbouring devices access to the network.

Provide me a link to a valid source that shows having windows 10 allows unknown devices onto a local network. Then provide me a source that explains how nmap is finding open ports on an IP address youíre saying is down to Windows 10?

Running Windows 10, or any device for that matter, does not provide other devices access to the local area network, with valid IP addresses and open ports. Thatís a huge gaping security hole and simply is not the case.. if you can find me a source anywhere that says it does all of this I will be amazed.

Imagine a data centre running Windows OS, say itís the server processing payment card information. Are we now to believe if itís windows 10 itís going to just let foreign devices hop onto the network? What about the latest point of sales used in stores on Windows 10, Iíve seen a couple using WiFi, the same WiFi used by in store iPads and tablets which process mobile payments.

Are these letting in every walking by customer into the wireless, so they can be on the same network environment as cardholder data?

Iím sure this is how Microsoft designed the OS. Come on...
End of story, Windows 10 does not allow unknown devices onto the LAN. It can share the WiFi password but thatís a different system, it does sometimes show a bunch of extra devices in the OS GUI, none have an IP locally.
Standard User longedge
(committed) Tue 02-Jan-18 10:09:30
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
Regular checks over the last couple of days have shown no unaccounted for results. My wifi has been off the whole time and that is workable for me so I'll leave it that way. When Unis go back from their holidays I'll try wifi again and see what happens 8^).

Standard User MCM
(knowledge is power) Tue 02-Jan-18 16:35:35
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
End of story, Windows 10 does not allow unknown devices onto the LAN. It can share the WiFi password but thatís a different system, it does sometimes show a bunch of extra devices in the OS GUI, none have an IP locally.
Rather than being dogmatic and going by the book I prefer to check and eliminate all possibilities nevertheless I agree with your comments. Windows 10 however behaves somewhat unexpectedly regarding networking hence my comment. With 20+ years of testing MS operating systems I saw many surprises however that was in the past and have never bothered fully checking out Win 10 and its many quirks.
Standard User ukhardy07
(knowledge is power) Tue 02-Jan-18 17:16:48
Print Post

Re: Unrecognised network infrastructure device.


[re: MCM] [link to this post]
 
No worries, understood.

I hate windows, have to use it everyday nonetheless.

Fascinates me to this day how proud companies are to say "we are a full Microsoft house." Why anyone would use Windows to host a server is beyond me!
Standard User Dwight1379
(newbie) Tue 02-Jan-18 18:54:18
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Joining this at a late date but you said you have some power line plugs, have you set up the security on these?
I use Netgear units and thought noting of the security, until I looked into slow broadband. Found out I was using my neighbors SKY! Shock to him too!
Regards.
David
Standard User ukhardy07
(knowledge is power) Tue 02-Jan-18 19:08:27
Print Post

Re: Unrecognised network infrastructure device.


[re: Dwight1379] [link to this post]
 
Fairly common actually!

Anyways, heís not got them:
http://forums.thinkbroadband.com/security/t/4578601-...
Standard User longedge
(committed) Tue 02-Jan-18 19:53:04
Print Post

Re: Unrecognised network infrastructure device.


[re: Dwight1379] [link to this post]
 
In reply to a post by Dwight1379:
you said you have some power line plugs

No, I bought a set several years ago when investigating poor wi-fi but they didn't work for me and I returned them. I don't have any now and my network is entirely ethernet cabling (with wi-fi switched off 8^) ).

As an aside, I've now developed an additional way of checking that all is in order - a quick look at my BQM just to make sure that it is all red. During one of the 'intrusions' a few days ago I saw a short period of about half an hour when pings were being responded to at my IP. That stopped again as soon as I disabled wifi.

Standard User IanBB
(committed) Tue 02-Jan-18 20:40:08
Print Post

Re: Unrecognised network infrastructure device.


[re: ukhardy07] [link to this post]
 
I have been following this thread with interest as I have seen some transient devices appear in the network infrastructure in Windows 10 but I have never seen them appear in my router let alone have an IP address assigned.

The only clues I had at the time were the MAC address or a short manufacturer code which were an Amazon Fire device & a Samsung mobile phone after googling the heck out of what was happening.

I remember reading an explanation that the unknown devices were simply probing all WiFi devices in reach and that is why they briefly appeared.
Standard User longedge
(committed) Thu 04-Jan-18 13:31:33
Print Post

Re: Unrecognised network infrastructure device.


[re: longedge] [link to this post]
 
Just to complete this thread - I tried enabling wifi again very briefly so that I could download an audiobook but the router admin page immediately became unresponsive and from my BQM I could see that it suddenly started answering pings even though that option was disabled. The router won't be used on wifi again and PlusNet have agreed to send my a HomeHub for the cost of postage. That's the end of it's working life now for the Netgear R6250 (well as soon as the postman calls it will be).

Pages in this thread: 1 | 2 | 3 | 4 | 5 | 6 | (show all)   Print Thread

Jump to