We recently changed from ATT DSL in AUG-Sep to Comcast 50 MB.All has been going along fine untill about the first of November. Our LAN became unresponsive, and I could not log onto the Comcast Router (A Cisco DPC3939). I disconnected everything from the Gateway, and did a Hard reset. After this I was able to login to the router and re-configure it to meet my needs, which mainly meant inserting my own SSID's and changing the address over to a 192.168.1.1 vs 10.0.0.1.
Being curious about what had happened; I started checking the "Stuff" in my LAN... We have 2 HP Touch smart computers, a Synology NAS,Cannon 8220 Printer, and several other things. The LAN contains both Static and Dynamic addresses. While inspecting the LAN side of our network, I noticed a node at 192.168.1.254. I can Ping it without problem, but scanning it with a network scanner, looking for open ports, etc, I don't seem to be able to contact this node in any way other than Ping.
This unknown node has a suspicious MAC address of : 00:05:04:03:02:01. The first 3 hex groups point to Naray Information and Communication Enterprise, which is a actual electronics mfgr in Taiwan. I suspect the MAC address is being spoofed by the DPC3939 Gateway. Several days after I noted this node, I had occasion to visit my Son-In-Law, who also has Comcast service. The exact same Node exists on his LAN, and has the same suspicious MAC address.
Can anyone explain where this is coming from? Is this, perhaps part of the VOIP capabilities (which we do not use)?? Is this part of the XfinityWIFI hot spot service I have seen so much about?? Is it part of the Comcast Home Security service (which we also do not use)?? I am a little uneasy with some unknown node on my network, in light of the meltdown we had at the beginning of the month.
Thanks for your time, and any help you can lend
Result.txt 77.5KB 17 downloads
Edited by mikewebb99, 24 November 2014 - 04:25 PM.