Question: home network intrusion?

rockerrb3

Honorable
Dec 1, 2016
125
1
10,595
I have detected a network intrusion into my home network. I have changed the wifi password multiple times and detected multiple unknown devices on my network. Norton AntiVirus detects nothing. Is there a way to determine the physical address of a MAC address without the IP number? I have a wifi router device that requires 2 factor authentication and am going to hook it up next weekend, but I am very concerned as to what personal information this individual has gathered about me and what he will release and how and how it will affect me. I am considering forwarding the matter to law enforcement.
I am running Windows 10.

Please help.
 
"I have detected a network intrusion into my home network. I have changed the wifi password multiple times and detected multiple unknown devices on my network. Norton AntiVirus detects nothing. Is there a way to determine the physical address of a MAC address without the IP number? I have a wifi router device that requires 2 factor authentication and am going to hook it up next weekend, but I am very concerned as to what personal information this individual has gathered about me and what he will release and how and how it will affect me. I am considering forwarding the matter to law enforcement.
I am running Windows 10.

Please help."

Your router should be configured via Access Control or MAC binding so that it only allows connections from your list of approved devices.
 

rockerrb3

I have it set up that way already. There are only 3 devices listed and I am aware of what each one is. I think that this individual has written some custom code and hacked into my network. I have reached out to Norton, Netgear, and my ISP and none of them can help me.
Is there a way that I can locate the physical address of a MAC address without the IP number?
 

rockerrb3

I want to know the physical location of the MAC addresses so that I can turn them in to law enforcement. I have located these devices by going to network under My PC. Different ones have been there at different times and I do not own them.
 

Ralston18

Titan
Moderator
MAC addresses can be spoofed and in any case the most you may get from knowing the MAC is the manufacturer.

Some devices have two MACs.

As was asked by @DSzymborski : what facts can you offer?

How did you detect the suspected intrusions? What MACs did you find?

Make and model information for modem and router?

What network devices do you have? E.g. computer(s), printer, any IoT devices?

Run "ipconfig /all" (without quotes) via the Command Prompt and post the results.

Likewise run "arp -a" and post the results.

More information is needed.
 

rockerrb3

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-JM1BHBG
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
Physical Address. . . . . . . . . : 18-66-DA-39-10-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6cc0:63a3:e0e8:634b%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 12, 2022 7:00:55 PM
Lease Expires . . . . . . . . . . : Thursday, October 20, 2022 1:05:15 AM
Default Gateway . . . . . . . . . : 10.0.0.1
DHCP Server . . . . . . . . . . . : 10.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 353920730
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-8F-16-5B-18-66-DA-39-10-37
DNS Servers . . . . . . . . . . . : 10.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Unknown adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9 for OpenVPN Connect
Physical Address. . . . . . . . . : 00-FF-5E-31-80-C6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Unknown adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Private Internet Access Network Adapter
Physical Address. . . . . . . . . : 00-FF-FF-D4-0E-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

-------------------------------------------------------------------------------------------------------------------------
Interface: 10.0.0.3 --- 0xd
  Internet Address      Physical Address      Type
  10.0.0.1              80-cc-9c-8f-f9-d9     dynamic
  10.0.0.2              7c-64-56-0e-dc-fa     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.192.152.143       01-00-5e-40-98-8f     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  239.255.255.253       01-00-5e-7f-ff-fd     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static

-------------------------------------------------------------------------------------------------------------------------
This device:
DIRECT-BA-HP ENVY Photo 7800
is currently on my network and I only own 1 printer (Epson)
 

DSzymborski

Titan
Moderator
So you believe someone's hacked you for the purpose of you getting to access their printer? None of the other things you linked suggest anyone being on your internet unauthorized, they point to things in Windows.

You're going to need to answer some of these questions. If you can't demonstrate anything more than "there's a printer on my network I don't know," there's just about zero chance that anyone at law enforcement will think you're doing anything but wasting their time.
 

rockerrb3

I've found multiple other devices on my network as well. Linux PC, phones, windows PCs. Again I just want to know if it is possible to locate the physical location of a MAC address without the IP number. I have a clean criminal record and I'm not out to go and confront anyone or commit any form of violence.
 

DSzymborski

Titan
Moderator
"I've found multiple other devices on my network as well. Linux PC, phones, windows PCs. Again I just want to know if it is possible to locate the physical location of a MAC address without the IP number. I have a clean criminal record and I'm not out to go and confront anyone or commit any form of violence."

Show, don't tell.

In any case, you came here reporting the same "intrusion" nearly a year ago here, and didn't even know how to change a router password. Until you provide actual evidence something nefarious is going on, I'm going to assume user error.
 

Deleted member 14196

Guest
Whenever I see a question like this, I know the user doesn’t even know if they’ve had an intrusion or not. And especially when they won’t provide any data, I have a feeling this user is trolling just like he did before a year ago and this is the reason I never help with these questions. These are people who wear tinfoil hats.

If I were a mod, I would close this thread because you’re not going to get any information out of the user that’s going to help in any way. I guess they just like to stir up drama on forums.

Nobody can help. They don’t even want help, just attention. This is why the thread goes on forever and ever because they won’t give any information and keep asking questions that they probably already know the answers to.
 

Ralston18

Titan
Moderator
Agreed - facts and evidence are needed.

@rockerrb3

This:

"I've found multiple other devices on my network as well. Linux PC, phones, windows PCs."

Which specific MAC addresses are you referring to?

For example: from my computer's "arp -a"

  224.0.0.2             01-00-5e-00-00-02     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.113           01-00-5e-00-00-71     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static


(Notice any similarities?)

Are those the IPs and MACs that are concerning you?

If not, then list the IPs and MACs that do concern you and make you believe you are being hacked etc.

And if you have the MACs, then use the following website to identify as much as you can about the devices that you have found:

https://www.ipchecktool.com/tool/macfinder

There are other similar websites available.

Still MACs can be spoofed so little or nothing may be learned.

And without any specific details then this thread will have run its course and should be closed.

Just my thoughts on the matter.
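
Added example, not part of any post in this thread: a small Python triage of "arp -a" output that separates broadcast and multicast mappings (which are not devices) from real neighbours, and reports the 3-byte manufacturer prefix that a MAC lookup site would use. The function names are hypothetical and the sample input is a subset of the output posted above.

```python
import ipaddress
import re

# Sample input: subset of the "arp -a" output posted earlier in this thread.
ARP_OUTPUT = """\
Interface: 10.0.0.3 --- 0xd
  Internet Address      Physical Address      Type
  10.0.0.1              80-cc-9c-8f-f9-d9     dynamic
  10.0.0.2              7c-64-56-0e-dc-fa     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.192.152.143       01-00-5e-40-98-8f     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, then a dash-separated MAC.
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s", re.I)

def multicast_mac(ip):
    """MAC derived from an IPv4 multicast address: 01-00-5e + low 23 bits of the IP."""
    low23 = int(ipaddress.IPv4Address(ip)) & 0x7FFFFF
    return bytes([0x01, 0x00, 0x5E]) + low23.to_bytes(3, "big")

def classify(ip, mac_text):
    mac = bytes.fromhex(mac_text.replace("-", ""))
    if mac == b"\xff" * 6:
        return "broadcast"                  # subnet or limited broadcast, not a device
    if ipaddress.IPv4Address(ip).is_multicast:
        # The MAC is computed from the IP by the local stack; no device owns it.
        return "multicast" if mac == multicast_mac(ip) else "multicast-mismatch"
    if mac[0] & 0x01:
        return "group-mac-on-unicast-ip"    # unusual: worth a closer look
    if mac[0] & 0x02:
        # Locally administered bit: the address was set in software
        # (randomized or overridden), so the prefix names no manufacturer.
        return "host-local-mac"
    return "host"

def parse_arp(text):
    rows = [m.groups() for m in map(ROW.match, text.splitlines()) if m]
    return [{"ip": ip, "mac": mac.lower(), "oui": mac[:8].lower(),
             "class": classify(ip, mac)} for ip, mac in rows]

def hosts(text):
    """Only the entries that correspond to actual neighbours on the LAN."""
    return [e for e in parse_arp(text) if e["class"].startswith("host")]

if __name__ == "__main__":
    for e in hosts(ARP_OUTPUT):
        print(e["ip"], e["mac"], e["class"], "prefix", e["oui"])
```

On the output posted in this thread, only 10.0.0.1 (the default gateway in the ipconfig listing) and 10.0.0.2 remain as neighbours; every other row is a broadcast or multicast mapping.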