Network scanner uknown device

[Marinos 0]

41 minutes ago, Nightowl said:

I understood what you mean now,

The Network Scanner that shows you which devices were inside your LAN

Incase it's your LAN and it shows some Public IP from the scan , can you post a screenshot of it ? , you can blur most of the IP if you don't want to show it.

And also for your better peace of mind , update your router to latest version offered by manufacturer , and change your WIFI passwords and check the computers that are connected in the network that they aren't somehow infected (could be not).

 

In the providers website it shows only my devices that I know and not the ip. Idk what you are telling me . 

Edited April 19 by Marinos

[itman 1,594]

I realized what I posted about how Network Inspector works wasn't correct. I will correct that below and clarify how it works.

 Network Inspector in regards to detecting and alerting when a new device has been set up on the network entails two activities.

The first activity performed is when Windows starts up, Network Inspector will map all devices connected to the local network and store that information. You can see what was mapped by opening a command prompt window and entering:

arp -av

Displayed will be a long list of IPv4 addresses; one entry for each IP address for your router delegated local network address range; e.g. 192.168.1.1 - 192-168.1.255. Only physical devices attached to your local network will show a MAC address. The rest of addresses will show zeros in the MAC address field.

Network Inspector will issue a new device detected alert when a new device is connected to the local network. It does this by referencing the above list of previously discovered devices. If the MAC address doesn't match a previously discovered one, the alert is issued. There are two types of alerts:

Quote

There are two types of notifications displayed by the Network Inspector module:

•New device connected to the network—displayed if a previously unseen device connects to the network while the user is connected.

•New network device found—displayed if you reconnect to your trusted network and a previously unseen device is now present.

Both notification types inform you if an unauthorized device is trying to connect to your network. Click View device details to show the details.

 

https://help.eset.com/essp/16.1/en-US/idh_page_homenetwork_protection.html Both the above alerts can be benign; e.g. you connected a new device to the local network or an existed network device previously disconnected from the network has reconnected to it. You have to capture the MAC address for the detected new device and compare it to MAC address of known devices connected to the local network to verify if the new device connection is legit or the result of the router/gateway being compromised. As far as I am aware of the above is the extent of Network Inspector new device alert detection. As far as this BP based IP address you referenced, did the Network Inspector alert reference that IP address in some way? I can't see how that is possible.

 

 

Edited April 19 by itman

[Marinos 0]

18 minutes ago, itman said:

I realized what I posted about how Network Inspector works wasn't correct. I will correct that below and clarify how it works.

 Network Inspector in regards to detecting and alerting when a new device has been set up on the network entails two activities.

The first activity performed is when Windows starts up, Network Inspector will map all devices connected to the local network and store that information. You can see what was mapped by opening a command prompt window and entering:

arp -av

Displayed will be a long list of IPv4 addresses; one entry for each IP address for your router delegated local network address range; e.g. 192.168.1.1 - 192-168.1.255. Only physical devices attached to your local network will show a MAC address. The rest of addresses will show zeros in the MAC address field.

Network Inspector will issue a new device detected alert when a new device is connected to the local network. It does this by referencing the above list of previously discovered devices. If the MAC address doesn't match a previously discovered one, the alert is issued. There are two types of alerts:

https://help.eset.com/essp/16.1/en-US/idh_page_homenetwork_protection.html Both the above alerts can be benign; e.g. you connected a new device to the local network or an existed network device previously disconnected from the network has reconnected to it. You have to capture the MAC address for the detected new device and compare it to MAC address of known devices connected to the local network to verify if the new device connection is legit or the result of the router/gateway being compromised. As far as I am aware of the above is the extent of Network Inspector new device alert detection. As far as this BP based IP address you referenced, did the Network Inspector alert reference that IP address in some way? I can't see how that is possible.

 

 

I may miss something but the ip is completely different than the other devices so what the point of searching for the Mac address 

[Marinos 0]

1 hour ago, itman said:

I realized what I posted about how Network Inspector works wasn't correct. I will correct that below and clarify how it works.

 Network Inspector in regards to detecting and alerting when a new device has been set up on the network entails two activities.

The first activity performed is when Windows starts up, Network Inspector will map all devices connected to the local network and store that information. You can see what was mapped by opening a command prompt window and entering:

arp -av

Displayed will be a long list of IPv4 addresses; one entry for each IP address for your router delegated local network address range; e.g. 192.168.1.1 - 192-168.1.255. Only physical devices attached to your local network will show a MAC address. The rest of addresses will show zeros in the MAC address field.

Network Inspector will issue a new device detected alert when a new device is connected to the local network. It does this by referencing the above list of previously discovered devices. If the MAC address doesn't match a previously discovered one, the alert is issued. There are two types of alerts:

https://help.eset.com/essp/16.1/en-US/idh_page_homenetwork_protection.html Both the above alerts can be benign; e.g. you connected a new device to the local network or an existed network device previously disconnected from the network has reconnected to it. You have to capture the MAC address for the detected new device and compare it to MAC address of known devices connected to the local network to verify if the new device connection is legit or the result of the router/gateway being compromised. As far as I am aware of the above is the extent of Network Inspector new device alert detection. As far as this BP based IP address you referenced, did the Network Inspector alert reference that IP address in some way? I can't see how that is possible.

 

I did what you told me and the mac address didn't match any of the devices that are shown at the network inspector. Now what

[Marinos 0]

1 hour ago, itman said:

I realized what I posted about how Network Inspector works wasn't correct. I will correct that below and clarify how it works.

 Network Inspector in regards to detecting and alerting when a new device has been set up on the network entails two activities.

The first activity performed is when Windows starts up, Network Inspector will map all devices connected to the local network and store that information. You can see what was mapped by opening a command prompt window and entering:

arp -av

Displayed will be a long list of IPv4 addresses; one entry for each IP address for your router delegated local network address range; e.g. 192.168.1.1 - 192-168.1.255. Only physical devices attached to your local network will show a MAC address. The rest of addresses will show zeros in the MAC address field.

Network Inspector will issue a new device detected alert when a new device is connected to the local network. It does this by referencing the above list of previously discovered devices. If the MAC address doesn't match a previously discovered one, the alert is issued. There are two types of alerts:

https://help.eset.com/essp/16.1/en-US/idh_page_homenetwork_protection.html Both the above alerts can be benign; e.g. you connected a new device to the local network or an existed network device previously disconnected from the network has reconnected to it. You have to capture the MAC address for the detected new device and compare it to MAC address of known devices connected to the local network to verify if the new device connection is legit or the result of the router/gateway being compromised. As far as I am aware of the above is the extent of Network Inspector new device alert detection. As far as this BP based IP address you referenced, did the Network Inspector alert reference that IP address in some way? I can't see how that is possible.

 

 

I'm pretty sure you haven't understood what happened so 6 days ago this thing happened. But my laptop was closed and I saw that 3 days after. So I don't know what happened between these two spaces

[Marinos 0]

1 hour ago, itman said:

I realized what I posted about how Network Inspector works wasn't correct. I will correct that below and clarify how it works.

 Network Inspector in regards to detecting and alerting when a new device has been set up on the network entails two activities.

The first activity performed is when Windows starts up, Network Inspector will map all devices connected to the local network and store that information. You can see what was mapped by opening a command prompt window and entering:

arp -av

Displayed will be a long list of IPv4 addresses; one entry for each IP address for your router delegated local network address range; e.g. 192.168.1.1 - 192-168.1.255. Only physical devices attached to your local network will show a MAC address. The rest of addresses will show zeros in the MAC address field.

Network Inspector will issue a new device detected alert when a new device is connected to the local network. It does this by referencing the above list of previously discovered devices. If the MAC address doesn't match a previously discovered one, the alert is issued. There are two types of alerts:

https://help.eset.com/essp/16.1/en-US/idh_page_homenetwork_protection.html Both the above alerts can be benign; e.g. you connected a new device to the local network or an existed network device previously disconnected from the network has reconnected to it. You have to capture the MAC address for the detected new device and compare it to MAC address of known devices connected to the local network to verify if the new device connection is legit or the result of the router/gateway being compromised. As far as I am aware of the above is the extent of Network Inspector new device alert detection. As far as this BP based IP address you referenced, did the Network Inspector alert reference that IP address in some way? I can't see how that is possible.

 

 

Also for some reason my antiphising doesn't work. At least the amtso website 

[itman 1,594]

1 hour ago, Marinos said:

I may miss something but the ip is completely different than the other devices so what the point of searching for the Mac address 

To clarify, open command prompt window and enter:

arp -av

Do you see IP address,149.191.212.91, listed on the display output? Or, any IP address listed not within your router assigned IPv4 range; e.g. 192.168.1.1 - 192.168.1.255.  Ignore the following addresses:

224.0.0.22           
224.0.0.251      
224.0.0.252         
239.255.255.250      
255.255.255.255

Edited April 19 by itman

[itman 1,594]

44 minutes ago, Marinos said:

Also for some reason my antiphising doesn't work. At least the amtso website 

Same here. Appears to be a problem with the AMTSO web site. Eset phishing protection does work:

[Marinos 0]

1 hour ago, itman said:

To clarify, open command prompt window and enter:

arp -av

Do you see IP address,149.191.212.91, listed on the display output? Or, any IP address listed not within your router assigned IPv4 range; e.g. 192.168.1.1 - 192.168.1.255.  Ignore the following addresses:

224.0.0.22           
224.0.0.251      
224.0.0.252         
239.255.255.250      
255.255.255.255

I can't try it right now but how will that help

[itman 1,594]

1 hour ago, Marinos said:

I can't try it right now but how will that help

We're trying to establish if a rouge device has been established on your gateway/router. Alternatively, you can just run another Network Inspector scan. If all devices shown are known to you as legit devices connected to local network, then you don't have a problem.

As far as the Android phone showing as a PC device, it is common for Network Inspector to misidentify a device.

[Marinos 0]

14 minutes ago, itman said:

We're trying to establish if a rouge device has been established on your gateway/router. Alternatively, you can just run another Network Inspector scan. If all devices shown are known to you as legit devices connected to local network, then you don't have a problem.

As far as the Android phone showing as a PC device, it is common for Network Inspector to misidentify a device.

No the android device is my mom's phone but why should I run the command I already have checked which devices are connected to my internet through my providers website

[Marinos 0]

3 hours ago, itman said:

To clarify, open command prompt window and enter:

arp -av

Do you see IP address,149.191.212.91, listed on the display output? Or, any IP address listed not within your router assigned IPv4 range; e.g. 192.168.1.1 - 192.168.1.255.  Ignore the following addresses:

224.0.0.22           
224.0.0.251      
224.0.0.252         
239.255.255.250      
255.255.255.255

Tried it no bad ip occurred except for the common ones

[Marinos 0]

3 hours ago, itman said:

To clarify, open command prompt window and enter:

arp -av

Do you see IP address,149.191.212.91, listed on the display output? Or, any IP address listed not within your router assigned IPv4 range; e.g. 192.168.1.1 - 192.168.1.255.  Ignore the following addresses:

224.0.0.22           
224.0.0.251      
224.0.0.252         
239.255.255.250      
255.255.255.255

Does that mean that I'm safe now that no 149 occurred?

[itman 1,594]

1 hour ago, Marinos said:

Tried it no bad ip occurred except for the common ones

Does that mean that I'm safe now that no 149 occurred?

Yes.

If your still concerned about your gateway/router, do what Eset Network Inspector recommends; do a hard reset of the router/gateway.

[itman 1,594]

One final item I forgot to mention.

Verify your gateway/router uses strong password in regards to access of its settings. My ISP provided one is 10 characters long and such an ungodly combination of alpha, numeric, and special characters I am confident it is hack proof.

[Marinos 0]

7 hours ago, itman said:

One final item I forgot to mention.

Verify your gateway/router uses strong password in regards to access of its settings. My ISP provided one is 10 characters long and such an ungodly combination of alpha, numeric, and special characters I am confident it is hack proof.

Of course and my wifi password is worst than the WW2 Enigma, isn't everyone's password like that?

[Marinos 0]

9 hours ago, itman said:

One final item I forgot to mention.

Verify your gateway/router uses strong password in regards to access of its settings. My ISP provided one is 10 characters long and such an ungodly combination of alpha, numeric, and special characters I am confident it is hack proof.

Oh wait you aren't talking about the password. So no it's not 10 digits but it's effective I guess