Solved Question about unknown devices on the network.

Status
Not open for further replies.

Xeno1234

Level 13
Thread author
Jun 12, 2023
633
As some members know, I have ran malware on a VM without a VPN, or the proper protection against obtaining network information. There are 2 devices on my network which I would consider unknown, and I did a IP look up for both of them.
Kaspersky has a network scanning feature where I can see the IP and mac addresses of these devices. Both of these devices, when looked up, have the same ISP and location as me. Should I be concerned about these devices being "malicious" or should I forget about them. They have been here for a while and nothing has happened to me.
 

Bot

AI-powered Bot
Verified
Apr 21, 2016
3,151
It's understandable that you may be concerned about unknown devices on your network, especially considering your previous experience with running malware. While I cannot provide a definitive answer without more information, I can offer some insights to help you assess the situation.

1. ISP and location: The fact that these devices have the same ISP and location as you could mean that they are connected to the same network infrastructure. However, this alone does not necessarily indicate malicious intent. It is possible that these devices belong to other users on your network, such as family members or roommates.

2. Length of presence: If these devices have been on your network for a while and you haven't experienced any issues, it could suggest that they are not actively engaging in malicious activities. However, it's important to note that some forms of malware can remain dormant for extended periods before being activated.

3. Network scanning: Using Kaspersky's network scanning feature is a good step to identify devices on your network. However, it's important to understand that it may not provide a complete picture of all devices, especially if they are configured to be stealthy or are using techniques to hide their presence.

Given the information provided, it is difficult to determine the nature of these devices definitively. Here are a few steps you can take to further investigate the situation:

1. Change your network password: Ensure that your network is secure by changing the password to prevent unauthorized access.

2. Monitor network traffic: Consider using network monitoring tools to keep an eye on the network traffic. This can help identify any suspicious activities or unusual connections.

3. Device identification: If possible, try to physically locate the devices and identify their owners. This can help clarify whether they are legitimate devices or potential threats.

4. Consult with an expert: If you remain concerned about the presence of these devices, it may be beneficial to consult with a cybersecurity professional who can assess your network and provide guidance based on your specific situation.

Remember, it's always better to err on the side of caution when it comes to network security.
 

Xeno1234

Level 13
Thread author
Jun 12, 2023
633
I also checked the MAC Addresses online. One is a random amazon device, and according to the website its address is some random amazon corperation building. The other MAC Address is unknown.

I’m not sure when these devices popped up, but one is more recent, where as the other is older and might not be malicious, I’m not sure.
 

harlan4096

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Apr 28, 2015
8,614
I think there are several similar cases in K. community, probably a small glitch in some systems introduced with last update 21.15 🤔 although I'm not getting it.

I also use this tool in my systems, try it and confirm that there is no such unknown device in Your network: Wireless Network Watcher - Show who is connected to your wireless network

Also, do You have any Amazon FireTV or TV Box similar device connected to any home TV?

What are the IPs of those unknown devices? Are in the same IP range as Your router?
 
Last edited:

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,393
Remove them from your network.

Reset your WiFi Password.

Re-add authorised devices.

Both Android and iPhones can randomise their MAC addresses when connecting to WiFi points.

Other devices may include, Fire TV sticks, VoIP devices, Powerline and WiFi boosters.
 

Xeno1234

Level 13
Thread author
Jun 12, 2023
633
I think there are several similar cases in K. community, probably a small glitch in some systems introduced with last update 21.15 🤔 although I'm not getting it.

I also use this tool in my systems, try it and confirm that there is no such unknown device in Your network: Wireless Network Watcher - Show who is connected to your wireless network

Also, do You have any Amazon FireTV or TV Box similar device connected to any home TV?

What are the IPs of those unknown devices? Are in the same IP range as Your router?
They have appeared before the most recent update. I don’t think I have any TV Box’s or similar devices. The IP range in pretty sure is the same, but I’d like to know how to check.

Unfortunately I don’t think I can convince my parents to randomly block a device on the network as they’re going to say it’s fine and I’m overreacting. They’ve been in the network for a while and nothing bad has happened.

For my PC, I can try to block connection to their IP with Kaspersky’s Firewall.
 

EdwardMatthew

New Member
Nov 7, 2023
2
If you find unknown devices on your network, especially after running malware, it's best to be cautious. First, double-check all your devices to ensure they are accounted for. Changing your Wi-Fi password can help disconnect any unknown devices. Keep an eye on your network activity for any unusual behavior. If you're still unsure, consider seeking advice from a professional or your ISP. Better safe than sorry!
 
  • Like
Reactions: vtqhtr413
F

ForgottenSeer 103564

Look at the name of the router, look up the default IP for the router brand, copy and paste it into the address bar in your browser, hit enter, it will pull up either access to your portal or login page for it. Some companies are horrible at securing these. Tamper with the settings at your own risk if you can access. Your best bet is to inform your parents so they can mitigate any and all damage that may have resulted from following the advice of a few here.

I will not post in any more of your threads, not being mean, but I have said and stated everything you need to hear and know.
 

Xeno1234

Level 13
Thread author
Jun 12, 2023
633
Look at the name of the router, look up the default IP for the router brand, copy and paste it into the address bar in your browser, hit enter, it will pull up either access to your portal or login page for it. Some companies are horrible at securing these. Tamper with the settings at your own risk if you can access. Your best bet is to inform your parents so they can mitigate any and all damage that may have resulted from following the advice of a few here.

I will not post in any more of your threads, not being mean, but I have said and stated everything you need to hear and know.
Appreciate the help.

It appears that, according to Kaspersky, all devices have the same starting numbers in the IP as the router.
 

Jonny Quest

Level 13
Mar 2, 2023
638
Appreciate the help.

It appears that, according to Kaspersky, all devices have the same starting numbers in the IP as the router.

Same thing on my end, as I checked my PC with Plus installed. I believe the router just adds the extended device numbers accordingly, as my other PC with F-Secure using the free version of Glasswire.
active connections.jpg
 

Xeno1234

Level 13
Thread author
Jun 12, 2023
633
Same thing on my end, as I checked my PC with Plus installed. I believe the router just adds the extended device numbers accordingly, as my other PC with F-Secure using the free version of Glasswire.
View attachment 279886
What’s concerning is that the device names of these unknown devices are “Unknown” and the IP of the device. I’m not sure if they are autofilled names, but I’ll try to get into the router admin panel later.
 

Jonny Quest

Level 13
Mar 2, 2023
638
What’s concerning is that the device names of these unknown devices are “Unknown” and the IP of the device. I’m not sure if they are autofilled names, but I’ll try to get into the router admin panel later.
The unknowns I had to look up on each PC using cmd ipconfig/all and looking for the physical address in Glasswires case, and edit the names. For the Echo and Dots finding the Mac address from the bottom of the box, as those were listed as unknown, too.
 
  • Like
Reactions: vtqhtr413

Xeno1234

Level 13
Thread author
Jun 12, 2023
633
The unknowns I had to look up on each PC using cmd ipconfig/all and looking for the physical address in Glasswires case, and edit the names. For the Echo and Dots finding the Mac address from the bottom of the box, as those were listed as unknown, too.
What command did you use to look at the devices?
 

Jonny Quest

Level 13
Mar 2, 2023
638
What command did you use to look at the devices?
In Command Prompt, I wasn't getting the Mac addresses I needed until I entered ipconfig/all
It can show different connections so start from the top and work down until you find the corresponding Mac address that you're seeing in Plus. You may or may not need to do that, you could just try ipconfig, and see if that gives you the address, but I found I had to include "all" for some of them (at least for Glasswire).
 
  • Like
Reactions: vtqhtr413
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top