Network scanner uknown device

[Marinos 0]

So I found an uknown device with an ip from England while I'm from greece. It was connected 3 days ago. When I went to delete it my provider didn't show it on the list. What is that device ? I'm really nervous reply ASAP

[itman 1,659]

If you are referring to Eset Network Inspector feature, the only devices shown should be associated with IP addresses assigned to your local subnet range; e.g. 192.168.1.1 - 192.168.1.255. 

Also. a Network Inspector scan should only be run if you are using the Eset Private firewall profile for the active network connection. If used on a Public firewall profile which Eset defaults to upon upon installation, yields unpredictable results.

Edited April 16, 2023 by itman

[Marcos 5,070]

Please post a screenshot of the weird device that you see in the list. However, in order to get more info about it I'm afraid you would need to make it detect again with advanced network protection logging enabled.

[Marinos 0]

It is an uknown device which ip starts from 149 and tried to connect I think 

[Marinos 0]

19 hours ago, Marcos said:

Please post a screenshot of the weird device that you see in the list. However, in order to get more info about it I'm afraid you would need to make it detect again with advanced network protection logging enabled.

Well my uncle said it may be some kind of a program that scans for ip to see if they are vulnerable but our wasn't something like that? Could it be it?

[itman 1,659]

34 minutes ago, Marinos said:

It is an uknown device which ip starts from 149 and tried to connect I think 

Again without you posting a screen shot from whatever you are using to detect this/these IP addresses, we have no idea what you are referring to.

[Marinos 0]

34 minutes ago, itman said:

Again without you posting a screen shot from whatever you are using to detect this/these IP addresses, we have no idea what you are referring to.

The ips are detected by internet inspector 

[itman 1,659]

4 minutes ago, Marinos said:

The ips are detected by internet inspector 

I believe you are referring to Network Inspector.

Did you set your active network connection to Trusted prior to running Network Inspector as I previous posted?

 

[Marinos 0]

Yeah i meant

19 minutes ago, itman said:

I believe you are referring to Network Inspector.

Did you set your active network connection to Trusted prior to running Network Inspector as I previous posted?

 

Yeah I meant network inspector but I was too lazy to correct myself. Yeah my network is trusted and I have run the scan as a trusted network now what? 

[itman 1,659]

Go here: https://www.robtex.com/ and enter the IP address you are concerned about. The web site will provide identity and ownership details.

 

[Marinos 0]

1 hour ago, itman said:

Go here: https://www.robtex.com/ and enter the IP address you are concerned about. The web site will provide identity and ownership details.

 

These sites don't show shi about the address but it is for sure malicious.

[itman 1,659]

Post the IP address.

[Marinos 0]

11 hours ago, itman said:

Post the IP address.

I am afraid to post it cause it may have to do with my father's job who works in an oil refinery and the ip comes from BP international 

[rotaru 10]

4 hours ago, Marinos said:

I am afraid to post

`So, what do you want, then?

[itman 1,659]

5 hours ago, Marinos said:

I am afraid to post it cause it may have to do with my father's job who works in an oil refinery and the ip comes from BP international 

You have failed to provide any information about what your network setup is. The above statement implies that you are not using a public ISP provider in Greece and its issued gateway/router equipment. If you are connecting to the Internet via your father's employer's network, it would explain why you are observing the IP address you are concerned about.

[Marinos 0]

2 hours ago, itman said:

You have failed to provide any information about what your network setup is. The above statement implies that you are not using a public ISP provider in Greece and its issued gateway/router equipment. If you are connecting to the Internet via your father's employer's network, it would explain why you are observing the IP address you are concerned about.

I'm sorry I failed to provide you more information but I also wanted to tell you that I couldnt scan my router with f secure . And also here is the ip 149.191.212.91

[itman 1,659]

2 hours ago, Marinos said:

And also here is the ip 149.191.212.91

That IP address is listed to BP International in the U.K. as you have already figured out. It is not a known malicious IP address.

However, this address should not be showing on an Eset Network Inspector scan of your gateway/router. It is a public IP address. Only private IPv4 addresses; i.e.;

10.0.0.0-10.255.255.255,169.254.0.0-169.254.255.255,172.16.0.0-172.31.255.255,192.168.0.0-192.168.255.255,fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff,fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff

should be displayed from Network Inspector output display.

Again, post a screen shot of Network Inspector output display showing this 149.191.212.91 IP address. You can "erase" all other IP addresses on the output display if you wish using MS Paint eraser tool.

[itman 1,659]

I have an idea as to the source of the remote device connection Eset Network Inspector originally alerted you to. Let's summarize the postings to date;

1. The remote connection originated from BP.

2. You stated your father works for BP in Greece.

Is perhaps the PC you are using an old work laptop/notebook that was originally provided to your father by BP?

Edited April 18, 2023 by itman

[Marinos 0]

11 minutes ago, itman said:

I have an idea as to the source of the remote device connection Eset Network Inspector originally alerted you to. Let's summarize the postings to date;

1. The remote connection originated from BP.

2. You stated your father works for BP in Greece.

Is perhaps the PC you are using an old work laptop/notebook that was originally provided to your father by BP?

My father works a t a refinery not for bp also I think no the device is not from bp so what else ? Couldn't be someone that logged into their wifi ?

[itman 1,659]

8 minutes ago, Marinos said:

Couldn't be someone that logged into their wifi ?

I don't know exactly how Network Inspector detects a remote device connection. What appears to have happened in your case is a remote connection from an IP address associated BP attempted to set up a connection on your gateway/router. Why this occurred is unknown. The connection attempt failed as evidenced by when you ran a Network Inspector scan, no connection existed for the IP address in question.

It appears this was a one time incident. Unless you see this activity repeated, I wouldn't be concerned about it.

Since you have your Eset network connection set up as Trusted, I advise you disable the RDP service in Eset firewall settings unless you use RDP for anything. Disabling the RDP service will cause Eset to create the necessary firewall rules to block any inbound RDP traffic.

[Marinos 0]

11 hours ago, itman said:

I don't know exactly how Network Inspector detects a remote device connection. What appears to have happened in your case is a remote connection from an IP address associated BP attempted to set up a connection on your gateway/router. Why this occurred is unknown. The connection attempt failed as evidenced by when you ran a Network Inspector scan, no connection existed for the IP address in question.

It appears this was a one time incident. Unless you see this activity repeated, I wouldn't be concerned about it.

Since you have your Eset network connection set up as Trusted, I advise you disable the RDP service in Eset firewall settings unless you use RDP for anything. Disabling the RDP service will cause Eset to create the necessary firewall rules to block any inbound RDP traffic.

What's rdp?

[Marinos 0]

Another problem is that I have a device which in eset displays as android mobile but just my internet configuration is displayed as pc

[Nightowl 202]

12 hours ago, Marinos said:

Couldn't be someone that logged into their wifi ?

When ESET shows blocked attempts in Firewall logs or in Network Troubleshooter

It means that the firewall is working and blocking attempts from the Internet

But for example if you are connected to an Office WIFI or Home WIFI , and yet you are still seeing some Public IP addresses are trying to communicate with your PC , then you have to check your router and properly configure the firewall to block or reject all Incoming connections and keep All Outgoing as allowed , this incase  you don't use any kind of service or portforwarding inside your LAN and have no need to come from Internet Side to Office/Home side.

[Marinos 0]

4 minutes ago, Nightowl said:

When ESET shows blocked attempts in Firewall logs or in Network Troubleshooter

It means that the firewall is working and blocking attempts from the Internet

But for example if you are connected to an Office WIFI or Home WIFI , and yet you are still seeing some Public IP addresses are trying to communicate with your PC , then you have to check your router and properly configure the firewall to block or reject all Incoming connections and keep All Outgoing as allowed , this incase  you don't use any kind of service or portforwarding inside your LAN and have no need to come from Internet Side to Office/Home side.

I don't think it blocked it. It just says connected 6 days ago. Since then it hasn't logged in again. Or tried anyway.

Edited April 19, 2023 by Marinos

[Nightowl 202]

2 minutes ago, Marinos said:

I don't think it blocked it. It just says connected 6 days ago. Since then it hasn't logged in again. Or tried anyway.

I understood what you mean now,

The Network Scanner that shows you which devices were inside your LAN

Incase it's your LAN and it shows some Public IP from the scan , can you post a screenshot of it ? , you can blur most of the IP if you don't want to show it.

And also for your better peace of mind , update your router to latest version offered by manufacturer , and change your WIFI passwords and check the computers that are connected in the network that they aren't somehow infected (could be not).