Jump to content

Hidden IP in my network (kind of)


Recommended Posts

Hi, I'm new here.

At my workplace I am a software developer (I'm a software man, not a hardware one), but I have to monitor a network of 100 Windows XP PC's. A month ago I replaced an old router by a new one (ZyWALL 35), which is set to manage static IPs such as 10.10.x.y. Those IPs are listed by me and assigned as is necessary.

A week ago I discovered in the router Reports an IP (10.10.x.36), not assigned by me. This IP was downloading big, something like 600 MB in a few hours. This IP is seen only by the router, but the router sees no other information - the workgroup name, the user name or something else.

Other scanning software (LanHelper, MyLanViewer, Look@Lan) don't see the IP and, consequently, no other information on it.

PingPlotter says "Destination address unreachable".

So, my conclusion was that the PC is protecting himself, maybe using a firewall with a strong setting.

I was searching physically, office by office - I didn't see any external PC or notebook.

Is there a method to find out what is this station with the not-assigned-by-me IP?

TIA,

John

Edited by isandu
Link to comment
Share on other sites


Try blocking that MAC address and see who complains. It's not hi-tech, but if it is one of your company's machines, blocking that machine will ID the person doing the downloading because they won't be able to work. If not, you've just blocked a security risk.

Link to comment
Share on other sites

Try blocking that MAC address and see who complains. It's not hi-tech, but if it is one of your company's machines, blocking that machine will ID the person doing the downloading because they won't be able to work. If not, you've just blocked a security risk.

I wish and I would do so, but I don't have the MAC address - the IP address it's all I see...

Link to comment
Share on other sites

Enable MAC address filtering in your router and build a list of allowed MAC addresses for all computers that connect to that router. This way only authorized machines will be able to access the it.

Edited by amocanu
Link to comment
Share on other sites

Enable MAC address filtering in your router and build a list of allowed MAC addresses for all computers that connect to that router. This way only authorized machines will be able to access the it.

This is a nice solution, I'll try it as soon as I'll have a little bit of time.

amocanu, if you're Romanian write me a private message.

Link to comment
Share on other sites

Try blocking that MAC address and see who complains. It's not hi-tech, but if it is one of your company's machines, blocking that machine will ID the person doing the downloading because they won't be able to work. If not, you've just blocked a security risk.

I wish and I would do so, but I don't have the MAC address - the IP address it's all I see...

If you're using a Windows machine and are in the same broadcast domain, open a command prompt and type the following:

ping 10.10.x.36
arp -a

You should see the IP with the corresponding MAC address.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...