BleepingComputer.com: suspicious MAC addresses in my 2Wire Gateay

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

suspicious MAC addresses in my 2Wire Gateay

#1 User is offline   Man_or_Astroman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 27
  • Joined: 27-April 10
  • Gender:Male
  • Location:US

Posted 04 May 2010 - 10:29 PM

I've got a Wireless 2Wire Gateway. When viewing the list of computers that are using the gateway, through my browser, it is showing two extra IP address and I have no idea where they are coming from. There are MAC addresses associated with these two IP addresses, that are NOT mine.

I have changed my WPA password, I changed the Network name in the router, I unplugged the router temporarily and let it power back up and these two entries will not go away. I contacted AT&T and they don't know what to do about it.


If I reinstalled the firmware would that get rid of them ?

This post has been edited by Man_or_Astroman: 04 May 2010 - 10:30 PM

Do your part and SANITIZE. Keep your computer virus-free.

#2 User is offline   meuchel 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 275
  • Joined: 05-April 10
  • Gender:Male

Posted 05 May 2010 - 11:32 AM

does your router have a mac address filter option?
you could filter access to your router by allowing only the mac addresses of trusted systems.
is there anything plugged into the router that would pull an ip like a printer?
is there anything like a cellphone that you would have configured for wireless access?

#3 User is offline   AMD010 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 109
  • Joined: 02-March 06
  • Gender:Male
  • Location:kansas

Posted 06 May 2010 - 10:49 PM

try using the strongest encryption your hardware can handle if someone is already cracking your WPA encryption. you can use the mac filtering option, but a fairly tech savvy person can easily capture your mac-address and then spoof it. if
Win XP Pro, Windows 7, Ubuntu. AMD Athlon X2 5600+ 4x1GB DDR2800, 500 GB SATA, Geforce 8500GT.

MCTS, A+, Net+.

Microsoft: "You've got questions. We've got dancing paperclips."



Posted Image
Fight Spam! Click Here!

#4 User is offline   Man_or_Astroman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 27
  • Joined: 27-April 10
  • Gender:Male
  • Location:US

Posted 07 May 2010 - 07:43 PM

Mac filtering does not work on my router. Whenever I enable it, it prevents one of my desktop computers, which is using a wireless G card, from connecting to the router. Regardless, I have tried blocking the two Mac addresses that are associated with the unknown ip addresses and they are still there, showing as "active" in my router.

There is no printer using an IP address or cell phone.


As I said, I have changed the WPA2 password, and the two unknown IP/mac addresses are still showing... I changed the network name on the router as well, and changed the log in password..
Do your part and SANITIZE. Keep your computer virus-free.

#5 User is offline   Man_or_Astroman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 27
  • Joined: 27-April 10
  • Gender:Male
  • Location:US

Posted 07 May 2010 - 09:27 PM

I just removed the 2Wire gateway router and now I'm using a plain old modem instead, that I had laying around.

I've tried everything I know of to get rid of those entries in my router and nothing works. If I was a security expert I might be able to tell better if my router has been hacked, but an expert I am not, so until I find out what's going on I'll just stick to my work-around.

Windows Vista firewall will have to suffice, for now..


:thumbsup: 2Wire Gateway
Do your part and SANITIZE. Keep your computer virus-free.

#6 User is offline   meuchel 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 275
  • Joined: 05-April 10
  • Gender:Male

Posted 10 May 2010 - 10:34 AM

hmm...do you notice those mac's now on your modem?

#7 User is offline   CaveDweller2 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,309
  • Joined: 02-July 09
  • Gender:Male

Posted 12 May 2010 - 04:18 AM

Did you reset the 2Wire and set your security back up?

With WPA you can use letters(caps count), numbers, symbols and spaces. So just use a simple 4 - 5 word sentence as your PW.

If enabling the MAC filtering caused a machine not to connect then you didn't set it up correctly.
Hope this helps Posted Image

Posted Image

OlllllllO

#8 User is offline   Man_or_Astroman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 27
  • Joined: 27-April 10
  • Gender:Male
  • Location:US

Posted 14 May 2010 - 03:58 AM

View PostCaveDweller2, on May 12 2010, 02:18 AM, said:

Did you reset the 2Wire and set your security back up?


I said twice already that I changed the WPA password. Yes, I reset the Gateway.




Quote

If enabling the MAC filtering caused a machine not to connect then you didn't set it up correctly.


Just because it doesn't work does not mean I set it up wrong. Sometimes devices simply don't work as they should.

There is a check box to turn on MAC filtering, and to turn it off. There's not much to it, and it doesn't work. Even adding the Wireless G card MAC address to "allowed" devices doesn't help, and adding the two unwanted MAC addresses to "blocked" devices certainly does not help.


Quote

hmm...do you notice those mac's now on your modem?


No, the suspicious MAC address are now gone.
Do your part and SANITIZE. Keep your computer virus-free.

#9 User is offline   meuchel 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 275
  • Joined: 05-April 10
  • Gender:Male

Posted 14 May 2010 - 12:07 PM

if they only show up in the router, even after a reset, they could be internal hardware mac's of the router used for NAT.

#10 User is offline   Man_or_Astroman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 27
  • Joined: 27-April 10
  • Gender:Male
  • Location:US

Posted 14 May 2010 - 01:45 PM

I just reinstalled my OS and now the two suspicious mac addresses are gone.



I wonder if I installed some malware at some point that would cause this situation.
Do your part and SANITIZE. Keep your computer virus-free.

#11 User is offline   meuchel 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 275
  • Joined: 05-April 10
  • Gender:Male

Posted 14 May 2010 - 01:54 PM

malware
vpn software
emulation software
virtualization software

#12 User is offline   Man_or_Astroman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 27
  • Joined: 27-April 10
  • Gender:Male
  • Location:US

Posted 14 May 2010 - 02:18 PM

What kind of emulation or virtualization programs can be used in networking? I'm relatively new to the networking game.
Do your part and SANITIZE. Keep your computer virus-free.

#13 User is offline   CaveDweller2 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Members
  • Posts: 1,309
  • Joined: 02-July 09
  • Gender:Male

Posted 18 May 2010 - 07:04 AM

View PostMan_or_Astroman, on May 14 2010, 04:58 AM, said:

Just because it doesn't work does not mean I set it up wrong. Sometimes devices simply don't work as they should.


No machines are stupid they do exactly what they are told, no more no less.
Hope this helps Posted Image

Posted Image

OlllllllO

#14 User is offline   Man_or_Astroman 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 27
  • Joined: 27-April 10
  • Gender:Male
  • Location:US

Posted 19 May 2010 - 11:40 PM

cave dweller,

If you think I'm doing it incorrectly, please tell me the correct way.


2Wire 2701HG-B

This post has been edited by Man_or_Astroman: 20 May 2010 - 03:59 AM

Do your part and SANITIZE. Keep your computer virus-free.

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users