Solved Question about unknown devices on the network.

[Xeno1234]

As some members know, I have ran malware on a VM without a VPN, or the proper protection against obtaining network information. There are 2 devices on my network which I would consider unknown, and I did a IP look up for both of them.
Kaspersky has a network scanning feature where I can see the IP and mac addresses of these devices. Both of these devices, when looked up, have the same ISP and location as me. Should I be concerned about these devices being "malicious" or should I forget about them. They have been here for a while and nothing has happened to me.

 

[Bot]

It's understandable that you may be concerned about unknown devices on your network, especially considering your previous experience with running malware. While I cannot provide a definitive answer without more information, I can offer some insights to help you assess the situation.

1. ISP and location: The fact that these devices have the same ISP and location as you could mean that they are connected to the same network infrastructure. However, this alone does not necessarily indicate malicious intent. It is possible that these devices belong to other users on your network, such as family members or roommates.

2. Length of presence: If these devices have been on your network for a while and you haven't experienced any issues, it could suggest that they are not actively engaging in malicious activities. However, it's important to note that some forms of malware can remain dormant for extended periods before being activated.

3. Network scanning: Using Kaspersky's network scanning feature is a good step to identify devices on your network. However, it's important to understand that it may not provide a complete picture of all devices, especially if they are configured to be stealthy or are using techniques to hide their presence.

Given the information provided, it is difficult to determine the nature of these devices definitively. Here are a few steps you can take to further investigate the situation:

1. Change your network password: Ensure that your network is secure by changing the password to prevent unauthorized access.

2. Monitor network traffic: Consider using network monitoring tools to keep an eye on the network traffic. This can help identify any suspicious activities or unusual connections.

3. Device identification: If possible, try to physically locate the devices and identify their owners. This can help clarify whether they are legitimate devices or potential threats.

4. Consult with an expert: If you remain concerned about the presence of these devices, it may be beneficial to consult with a cybersecurity professional who can assess your network and provide guidance based on your specific situation.

Remember, it's always better to err on the side of caution when it comes to network security.

 

[Xeno1234]

I also checked the MAC Addresses online. One is a random amazon device, and according to the website its address is some random amazon corperation building. The other MAC Address is unknown.

I’m not sure when these devices popped up, but one is more recent, where as the other is older and might not be malicious, I’m not sure.

 

[harlan4096]

I think there are several similar cases in K. community, probably a small glitch in some systems introduced with last update 21.15 although I'm not getting it.

I also use this tool in my systems, try it and confirm that there is no such unknown device in Your network: Wireless Network Watcher - Show who is connected to your wireless network

Also, do You have any Amazon FireTV or TV Box similar device connected to any home TV?

What are the IPs of those unknown devices? Are in the same IP range as Your router?

 

[harlan4096]

Anyway, change Wi-Fi passwords (and/or do a router settings reset) in Your router and re-check

 

[Ink]

Remove them from your network.

Reset your WiFi Password.

Re-add authorised devices.

Both Android and iPhones can randomise their MAC addresses when connecting to WiFi points.

• iOS 14 and newer: Wi-Fi privacy
• Android 8 (Oreo) and newer: MAC Randomization Behavior | Android Open Source Project

Other devices may include, Fire TV sticks, VoIP devices, Powerline and WiFi boosters.

 

[Jonny Quest]

As well as my Amazon Echo and Dot, which did not have a description name. I had to use the MAC address from the bottom of the boxes I still had. Otherwise, you can use a smartphone app to find those numbers.

 

[ForgottenSeer 103564]

As well as my Amazon Echo and Dot, which did not have a description name. I had to use the MAC address from the bottom of the boxes I still had. Otherwise, you can use a smartphone app to find those numbers.

Net analyzer/pro found in Google Play will allow you to confirm by running a lan scan of devices on your network.

 

[Xeno1234]

I think there are several similar cases in K. community, probably a small glitch in some systems introduced with last update 21.15 although I'm not getting it.

I also use this tool in my systems, try it and confirm that there is no such unknown device in Your network: Wireless Network Watcher - Show who is connected to your wireless network

Also, do You have any Amazon FireTV or TV Box similar device connected to any home TV?

What are the IPs of those unknown devices? Are in the same IP range as Your router?

They have appeared before the most recent update. I don’t think I have any TV Box’s or similar devices. The IP range in pretty sure is the same, but I’d like to know how to check.

Unfortunately I don’t think I can convince my parents to randomly block a device on the network as they’re going to say it’s fine and I’m overreacting. They’ve been in the network for a while and nothing bad has happened.

For my PC, I can try to block connection to their IP with Kaspersky’s Firewall.

 

[SeriousHoax]

Have you checked using the app @harlan4096 mentioned and of course check on your router portal?

 

[Xeno1234]

Have you checked using the app @harlan4096 mentioned and of course check on your router portal?

I don’t have access to the router portal, my parents do.

I’ll check with what Harlan sent once I get home from school.

 

[EdwardMatthew]

If you find unknown devices on your network, especially after running malware, it's best to be cautious. First, double-check all your devices to ensure they are accounted for. Changing your Wi-Fi password can help disconnect any unknown devices. Keep an eye on your network activity for any unusual behavior. If you're still unsure, consider seeking advice from a professional or your ISP. Better safe than sorry!

 

[harlan4096]

If You have access to the router config, You can try to block those IPs also from there...

 

[ForgottenSeer 103564]

Look at the name of the router, look up the default IP for the router brand, copy and paste it into the address bar in your browser, hit enter, it will pull up either access to your portal or login page for it. Some companies are horrible at securing these. Tamper with the settings at your own risk if you can access. Your best bet is to inform your parents so they can mitigate any and all damage that may have resulted from following the advice of a few here.

I will not post in any more of your threads, not being mean, but I have said and stated everything you need to hear and know.

 

[Xeno1234]

Look at the name of the router, look up the default IP for the router brand, copy and paste it into the address bar in your browser, hit enter, it will pull up either access to your portal or login page for it. Some companies are horrible at securing these. Tamper with the settings at your own risk if you can access. Your best bet is to inform your parents so they can mitigate any and all damage that may have resulted from following the advice of a few here.

I will not post in any more of your threads, not being mean, but I have said and stated everything you need to hear and know.

Appreciate the help.

It appears that, according to Kaspersky, all devices have the same starting numbers in the IP as the router.

 

[Jonny Quest]

Appreciate the help.

It appears that, according to Kaspersky, all devices have the same starting numbers in the IP as the router.

Same thing on my end, as I checked my PC with Plus installed. I believe the router just adds the extended device numbers accordingly, as my other PC with F-Secure using the free version of Glasswire.

 

[Xeno1234]

Same thing on my end, as I checked my PC with Plus installed. I believe the router just adds the extended device numbers accordingly, as my other PC with F-Secure using the free version of Glasswire.
View attachment 279886

What’s concerning is that the device names of these unknown devices are “Unknown” and the IP of the device. I’m not sure if they are autofilled names, but I’ll try to get into the router admin panel later.

 

[Jonny Quest]

What’s concerning is that the device names of these unknown devices are “Unknown” and the IP of the device. I’m not sure if they are autofilled names, but I’ll try to get into the router admin panel later.

The unknowns I had to look up on each PC using cmd ipconfig/all and looking for the physical address in Glasswires case, and edit the names. For the Echo and Dots finding the Mac address from the bottom of the box, as those were listed as unknown, too.

 

[Xeno1234]

The unknowns I had to look up on each PC using cmd ipconfig/all and looking for the physical address in Glasswires case, and edit the names. For the Echo and Dots finding the Mac address from the bottom of the box, as those were listed as unknown, too.

What command did you use to look at the devices?

 

[Jonny Quest]

What command did you use to look at the devices?

In Command Prompt, I wasn't getting the Mac addresses I needed until I entered ipconfig/all
It can show different connections so start from the top and work down until you find the corresponding Mac address that you're seeing in Plus. You may or may not need to do that, you could just try ipconfig, and see if that gives you the address, but I found I had to include "all" for some of them (at least for Glasswire).