Question Unidentified IP

legepe

Prominent
Apr 26, 2020
60
0
530
Hi all...

I'm running Win7 OS, Huawei B900 router, with a VPN

Problem is I have an unidentified IP address which is not showing in my router's interface. I've downloaded Wireless Network Watcher and Avira app on my phone which both show the IP address. Avira identifies it as HP Laptop, which I don't have.

I've changed the router's password and started to initiate devices again, but then ran Wireless Network Watcher and Avira once more and the first thing to show up is the unidentified IP address. How is this possible?

Can anyone shed some light on this, and could it be a problem?

Thanks

legepe
 

kanewolf

Titan
Moderator
If these tools show an IP address -- can you ping it? Since you have a VPN, whatever is at the other end of the VPN tunnel is a peer also. Is it possible that the unknown IP address is the far end of the VPN tunnel?
 

legepe

I sent the IP address to the VPN company to verify this.. and all they have come back with is I should contact my service provider... which I am unable to get a response. They said it looks like it is my own IP address which it is not!
I've just pinged it with VPN on and VPN off.. results are the same = I get a reply. Is there a way to get more information of what device it is? Location? etc?
I am hoping there is a simple explanation to this... and it's not something malicious
It is very strange to me that the phone app is recognizing it as a HP Laptop, which I don't have?
I've even gone back into the router's interface (IP and MAC filters) and manually blacklisted the IP address and blocked the MAC address, but it still shows up..!
 

kanewolf

Is it a public IP or a private IP (192.168, 10.x.y.z, 100.x.y.z) ?
 

kanewolf

yes it's in the same range.. it's the highest in the range
That router is a cellular router. It is possible it is something on the cellular side. You could power off and remove the SIM to ensure you don't have a WAN connection. When you power back up, you should still be able to "see" devices on the LAN side. I have never used a cellular router, so I am not an expert.
 

legepe

Ok I've done what you said several times now.. I did it more than once just to make sure but then I started to get different results meaning that both tests with and without SIM card - I was getting differing numbers of IP addresses... However, I can confirm the IP in question seemed to be there with and without the SIM card inserted
 
Super strange. This is why the USA doesn't want Huawei in the infrastructure...

Here is one thing you can do, change your subnet settings to something completely different. Then see if the device's IP also changes. I would also try shutting off your DHCP server and only using static IP addresses and see what happens.
 

legepe

Sorry but I think I explained badly what was happening during testing with and without SIM card in router
The IP addresses were the same but some were missing on either side of the test.. I think I made it sound like new IP addresses were being shown
Not sure but perhaps I wasn't giving enough time for devices to be recognised within the system... family and asking them to stay off their phones etc while I was doing it was not easy.. I should do tests again once I can more easily ensure there's no one trying to connect... and report back once this is done...
 

kanewolf

So, if the IP really is on the LAN, then you will have to do process of elimination. Change all the passwords but don't give it to anyone. Make them bring you a device and YOU enter the password. That ensures that none of your family has given out the password.
You also need to ensure that WPS is disabled on the router.
 

legepe

Ok, here in order is what I've done
  1. unplugged router from mains power
  2. switched off any devices apart from my mobile
  3. powered PC in safe mode with networking
  4. changed username and password on PC
  5. connected PC to internet through mobile phone - hotspot
  6. checked IP addresses with command prompt (arp -a)
Showed 3 x 192....... IP's and 3 x 224 and 255 IP's (Did not show the Unidentified IP)
  1. switched off hotspot on mobile phone
  2. switched on Huawei B900 router without sim card
  3. checked IP addresses again with command prompt
Showed 4 x 192....... IP's (Unidentified IP shown up) and 3 x 224 and 255 IP's - same as previous
Unusual thing is that even though I've previously configured router interface to blacklist this IP and block its MAC address it has never shown up there. Unusual thing is that it is now shown in the router interface as an offline device!? (presumably because I'm in safe mode?)
Not too sure what is the best thing to do next
Any further advice would be great
Thanks
legepe
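
A way to read the `arp -a` results described in the post above, as an added example that is not part of any poster's message: it parses Windows `arp -a` output, drops the 224.x multicast and 255 broadcast rows (which are not devices), and lists hosts whose MAC is not in an inventory of your own devices. The sample output, the MAC addresses and the `KNOWN_MACS` inventory are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output (addresses and MACs are made up).
ARP_OUTPUT = """
Interface: 192.168.8.100 --- 0xc
  Internet Address      Physical Address      Type
  192.168.8.1           02-00-00-cc-dd-01     dynamic
  192.168.8.101         02-00-00-cc-dd-65     dynamic
  192.168.8.254         02-00-00-cc-dd-fe     dynamic
  192.168.8.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.252           01-00-5e-00-00-fc     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# Hypothetical inventory: MACs of devices you own, read off each device itself.
KNOWN_MACS = {"02-00-00-cc-dd-01", "02-00-00-cc-dd-65"}

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I
)

def parse_arp(text):
    """Return {ip: mac} for unicast hosts, dropping multicast/broadcast rows."""
    hosts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = ipaddress.ip_address(m.group(1)), m.group(2).lower()
        # 224.x.x.x and ff-ff-ff-ff-ff-ff rows are group/broadcast mappings, not devices
        if ip.is_multicast or mac == "ff-ff-ff-ff-ff-ff":
            continue
        hosts[str(ip)] = mac
    return hosts

def unknown_hosts(text, known_macs):
    """Hosts in the ARP table whose MAC is not in the inventory."""
    known = {m.lower() for m in known_macs}
    return {ip: mac for ip, mac in parse_arp(text).items() if mac not in known}

def locally_administered(mac):
    """True if the MAC is self-assigned/randomized, so it has no vendor prefix."""
    return bool(int(mac[:2], 16) & 0x02)

if __name__ == "__main__":
    for ip, mac in unknown_hosts(ARP_OUTPUT, KNOWN_MACS).items():
        print(ip, mac, "locally administered" if locally_administered(mac) else "vendor OUI")
```

An address that appears here but not in the router's client list is worth checking against the router's own LAN-side addresses before treating it as a foreign device.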
 

legepe

Either that IP is something that the Huawei needs, or it is a blatant backdoor or malware of some sort.

I would try defaulting the Huawei and upgrading or downgrading the firmware to wipe all configuration information from it.
Thanks so much for the reply...! All this has been driving me mad for just short of a week now..! However the short answer is blatant backdoor hacker!
The hacker was in my router and I believe had been there for quite a long time! Not entirely sure how far from that they got - into PC, phones, etc... some advice on this would be much appreciated
Their IP and MAC address was hidden from view in my router's interface and I only found it from running on my phone Avira (connected devices) which showed it to be HP laptop. It showed also in command prompt and other apps I downloaded. I even manually blacklisted the IP and blocked the MAC address in my router's interface, but it continued to be connected. I tried many things including factory reset, and changing the router's password many times during the processes I was doing then entering the router's settings but everything was to no avail! The hacker was always one step ahead of me and was changing things at the same time as me! I then realized they have software automatically connecting to my router as soon as I factory reset it, it obviously records the new password I use and was not allowing me to edit configurations or seemed to be blocking me, they would not allow me to turn off wifi and connect via cable
I can only now take the router to a new location away from my home and reset and password it there
What I have realized during this period is the hacker is in very close by and I am 99% certain I know who it is!
I haven't completely cleaned down my PC or phone yet as I am still looking to see if I can find any traces of them either having access to it or spyware they may have installed but I am struggling to find sufficient evidence. Some advice would be welcome here.
I am currently using my phone tethered to PC through USB but I have become quite confused and paranoid with everything
I have a VPN connection but when I use it I get multiple IP addresses (up to 100) displayed in my command prompt. The IP addresses don't have MAC addresses.. is this normal..?
Any advice very welcome
legepe
 
Be very sure to disable the WPS. I really wish manufacturers completely removed this feature but there are way too many people that want a magic button to set up their network.

Most routers will not allow access via wifi for the initial configuration so there should be no way to get into a router you factory reset via wifi. Then again a lot of idiot people want to do the initial config with their cell phone so some manufacturers have allowed wifi access when the router is using default passwords.

What you can try rather than going someplace else is to put the device in the microwave. Obviously you don't turn it on....not that you could with power and ethernet cable coming out the door. Close the door as much as you can without damaging cables.

A microwave oven runs at 1000 times the power of a router on the same 2.4g frequency. The case of the oven blocks almost 100% of the energy so it will also block the signals from your router other than the small amount that leaks out the cracks with the door not closed all the way.

It could be the Huawei router has an actual backdoor password. This is why there is so much distrust of Huawei in the USA. They actually shipped cell tower systems that had a backdoor password. They claim it was "accidental", that they did not disable these factory maintenance passwords. People that examine the code think that it was designed that way and only after they got caught did they even admit they existed.

Maybe buy a different brand of router.
 

Ralston18

Titan
Moderator
Until you can confirm or deny the truth of:

"What I have realized during this period is the hacker is in very close by and I am 99% certain I know who it is!"

then whatever you do is likely to become undone if that person has physical access to your spaces, network, network connections, devices, etc..

That appears to be the history of it all as I understand your posts.

"Who it is", again if proven, must be dealt with as applicable, appropriate, and legal.
 

legepe

then whatever you do is likely to become undone if that person has physical access to your spaces, network, network connections, devices, etc..
Not sure if I understand.. no one has physical access to my space or network.. this is being done with wifi... and if I am able to change configurations and passwords then this should stop them.. NO?
 

Ralston18

Yes changing configurations and passwords should stop them.

Again if you are "99% certain" that you know who it is then remember that that is what needs to be addressed.

The "how" (wired, wireless, physical access, etc.) may not be obvious. Can you trace any and all network related wiring - does any of it go outside your space?

Overall it appears that person may have multiple ways of getting in. Perhaps ways that simply have not been found or recognized.

Did you (as suggested by @bill01g) disable WPS? If not, why not?

Do you change the router's default admin name and password?

Using a secure password that is not based on any personal information such as a birthday, pet name, favorite team,...

Consider it this way: you cannot address network problems if you are 99% certain that a specific network cable is bad but do not do anything about the cable.

Little can be done if your suspect is left to freely hack in. It is in your interest to prove or disprove that person's culpability.

You may end up owing someone an apology but so be it. Then you can move on to other possibilities.

E.g.: the aforementioned "back door" or "malware" (per @SamirD ).
 
At this point if you have a suspicion of who it is, I would go to your local authorities--especially if they are local and you can prosecute them.
 
Great idea about the microwave for a Faraday cage, and thank you for the additional information on Huawei and the f ing Chinese gov. And people think this virus was an 'accident' too...:( biowarfare Chinese gov style...