: showing up on router with MAC 00:21:e9:xx:xx:xx

2008-09-05, 01:04 AM
I run a home network in the 192.168.x.x series of IP numbers, and then assign a fixed IP number to every new device the family owns as its MAC is found by the router.
Anyway, there is usually nothing in the "unknown MAC list" because of me assigning fixed IPs.

So today this entry suddenly shows up, the router will only allocate addresses in the 192.168.x.x range, but here is showing up on router with MAC 00:21:e9:xx:xx:xx

No warning entries in router logs, either in- or out-going

What could this be?


2008-09-05, 07:56 AM
If your network has been compromised (see my comments below) then a MAC address may well be spoofed and useless, however:

According to http://standards.ieee.org/regauth/oui/index.shtml the MAC is from Apple... You didn't say if you're an Apple user, so that may or may not be very helpful.

00-21-E9 (hex) Apple, Inc
0021E9 (base 16) Apple, Inc
1 Infinite Loop
Cupertino CA 95014

This could also be some sort of plug and play type activity... Apple has "bonjour"... did someone get some iPhone or iPod with wireless recently?

The fact that you have a private IP address in a different range (a Class A 10.x.x.x address as opposed to the 192.168.x.x Class C you're using) is pretty suspect... that address should not be routed in your network, but no doubt it will because a lot of home equipment is designed so things just work, even when they don't make much sense. (Ease of use trumps security.)

You didn't give enough details about your setup, but I'm guessing you have wireless in your network... and I am guessing that some device you don't own has found a way into your network... and I'm guessing it's not a good thing...

Make sure you're not using WEP as it's so weak as to be useless... You should be using WPA2 (or at least WPA) (and if you're a Windows user, you may need to search the MS knowledge base for necessary hotfixes for WPA2/WPA). Once you switch to WPA2/WPA you still need a good strong (i.e. random) password, try generating one here: https://www.grc.com/passwords.htm . Make sure you've set/changed the administrative password on your router, and ideally you should lock your router down so that it cannot be accessed from outside of your network (preferably it should only be accessible from a device wired into your network, not configurable by a wireless connection.)
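
The triage steps from the reply above (vendor lookup by OUI, checking whether the address belongs to the LAN range, comparing against the list of known devices), as an added example that is not part of the original post. The client table, inventory and function names are constructed for illustration; only the `00:21:E9` prefix comes from the thread, and an OUI match is a hint rather than proof, since a MAC can be spoofed.

```python
import ipaddress

# OUI prefix quoted in the thread; a full audit would load the IEEE registry file.
OUI_VENDORS = {"0021E9": "Apple, Inc"}

def normalize_mac(mac):
    """Strip separators and return 12 uppercase hex digits."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").upper()
    if len(digits) != 12 or any(c not in "0123456789ABCDEF" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def audit_client(mac, ip, lan, inventory):
    """Return (vendor, findings) for one entry of a router client table."""
    digits = normalize_mac(mac)
    findings = []
    # Bit 0x02 of the first octet marks a locally administered address:
    # it was set in software, so the OUI says nothing about the vendor.
    if int(digits[:2], 16) & 0x02:
        vendor = None
        findings.append("locally administered MAC")
    else:
        vendor = OUI_VENDORS.get(digits[:6])
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(lan):
        kind = "private" if addr.is_private else "public"
        findings.append(f"{kind} address outside {lan}")
    if digits not in {normalize_mac(m) for m in inventory}:
        findings.append("MAC not in inventory")
    return vendor, findings

# Constructed sample data (only the 00:21:E9 prefix appears in the thread).
INVENTORY = ["00:21:E9:00:00:02"]
CLIENTS = [
    ("00:21:e9:00:00:01", "10.0.1.5"),
    ("00-21-E9-00-00-02", "192.168.1.20"),
    ("02:11:22:33:44:55", "192.168.1.77"),
]

def audit_table(clients=CLIENTS, lan="192.168.0.0/16", inventory=INVENTORY):
    """Audit every (mac, ip) pair and key the results by the MAC as listed."""
    return {mac: audit_client(mac, ip, lan, inventory) for mac, ip in clients}

if __name__ == "__main__":
    for mac, (vendor, findings) in audit_table().items():
        print(mac, vendor or "unknown vendor", "; ".join(findings) or "ok")
```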

2008-09-05, 08:03 AM
placeholder very informative post. Thanks.

2008-09-05, 10:11 AM
Where is this info showing up? In the DHCP list? MAC filter list?

2008-09-05, 10:25 AM
Odd that the IP is there, but there is no way it can route IP traffic to your other devices, or use your connection for Internet access.

Other traffic that isn't IP dependent - stuff like NetBEUI or AppleTalk (Windows/Mac file sharing protocols) could be a problem.

2008-09-05, 10:34 AM
Turn off all your computers, turn off the router, turn the router on, let it boot completely till the leds stop flashing, turn on your main machine, check the IP information, looking for the 10.xxx.xxx.xxx number, if it is no longer there, turn on each computer or wireless device 1 at a time, each time looking for the 10 number......this way you can determine if it is your local network or coming from an outside source......

Just a thought

2008-09-05, 12:29 PM
Firstly, thanks to all for thought put into replying, esp Placeholder

To answer some of the suggestions - iPhone? - guilty as charged, sir! - so this may be the culprit
I do use/see both Bonjour and MobileMe (a syncing service)

Actually I notice now that one of the iPhone MACs does match the one I gave - hadn't noticed that before!

Yes, I do have WiFi, already using a randomly generated WPA2

The address showed up on the router, which will show a list of non-recognised MACs

Otherwise router is fairly tightly set up, but I do allow UPnP, which seems to facilitate some out/in traffic, and have a few other ports open (e.g. Slingplayer etc.)

Will try a total turnoff, but I suspect Apple is the culprit

Note I did edit out my exact MAC from the title - thanks again