I need help to identify the type of a rogue IP device that appeared in DHCP of my network today. Its MAC address is "C8:7D:77.xx.xx.xx", which corresponds to OUI "Shenzhen Kingtech Communication Equipment Co.,Ltd". The IP address gets online and offline randomly, possibly because it is a portable device (laptop, smartphone or tablet) - but I'm not 100% sure. The computer name that was registered to DHCP was eth0..com, and that eth0 is linux-like to my knowledge.

At the moment I haven't found a single reference to that type of OUI, and the network devices I have (APs and Switches) are not very convenient to help me isolate the area of this MAC address in the network.

Any advice is welcome.

Dimitris



23 Replies


· · ·
Serrano
Andy R May 29, 2014 at 14:22 UTC

I would check my APs to see what MACs are associated to them... At least that can give you an area to start looking.


0
· · ·
Thai Pepper
JCBeard May 29, 2014 at 14:23 UTC

This sounds like a phone or tablet that is coming in and out. Block that MAC address from getting an address and then see who complains that they can't get internet. If it is a phone, then they will be using their data package rather than your network and you may never hear from them.


5
· · ·
Mace
brianwhelton May 29, 2014 at 14:24 UTC

Whelton Network Solutions is an IT service provider.

If using a Cisco switch, do the following.

show mac address-table

or

show mac address-table dynamic

You should get an output like this

-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  45    0018.b945.d5a9    DYNAMIC     Fa0/19
  45    0018.b945.f780    DYNAMIC     Fa0/5
  45    0018.b974.528f    DYNAMIC     Fa0/16
  56    0018.b945.f781    DYNAMIC     Fa0/16

Trace the cable from the switch and shout at the perp!


3
· · ·
Jalapeno
mwhited May 29, 2014 at 14:25 UTC

Dimitris9789 wrote:

Hello IT people.

I need help to identify the type of a rogue IP device that appeared in DHCP of my network today. Its MAC address is "C8:7D:77.xx.xx.xx", which corresponds to OUI "Shenzhen Kingtech Communication Equipment Co.,Ltd". The IP address gets online and offline randomly, possibly because it is a portable device (laptop, smartphone or tablet) - but I'm not 100% sure. The computer name that was registered to DHCP was eth0..com, and that eth0 is linux-like to my knowledge.

At the moment I haven't found a single reference to that type of OUI, and the network devices I have (APs and Switches) are not very convenient to help me isolate the area of this MAC address in the network.

Any advice is welcome.

Dimitris

I agree with JC...block the sucker and see who complains about it and then you will know who it is....


1
· · ·
Datil
Jared7469 May 29, 2014 at 14:26 UTC

We had an engineer once power reset a WAP so he could get on the wifi with his phone. I know, shame on us for thinking we can trust our users.


1
· · ·
Serrano
Andy R May 29, 2014 at 14:26 UTC

Brian has the right idea if it is wired!


0
· · ·
Chipotle
Andrew-VEC May 29, 2014 at 14:30 UTC

Block the MAC and then consider using 802.1x authentication or NAP for extra security to prevent that from happening again.


0
· · ·
Jalapeno
jabeatty May 29, 2014 at 14:41 UTC

I need help to identify the type of a rogue IP device that appeared in DHCP of my network today. Its MAC address is "C8:7D:77.xx.xx.xx", which corresponds to OUI "Shenzhen Kingtech Communication Equipment Co.,Ltd".

Looks like they produce a host of various mobile devices, and some health-related and medical devices.

Is anyone wearing a holter monitor or similar medical device that "phones home" every few hours?


0
· · ·
Sonora
Dimitris9789 May 29, 2014 at 14:43 UTC

I checked all APs and this MAC is not registered to any of them - that is a bit worrying. It may be some malfunctioning network adapter or worse.

Thank you for your useful hints. If you have seen this "Shenzhen Kingtech Communication Equipment Co.,Ltd" before, please let me know what kind of device I should be looking for.


0
· · ·
Thai Pepper
Mac foolish May 29, 2014 at 14:46 UTC

I agree, block it in the first instance!

Judging by the name it's more than likely a nondescript device. The sort of thing you'd buy cheap from Hong Kong on eBay. It could be anything IP related, webcam, LAN hard drive caddy, cheap WiFi dongle, lol blah blah....

To quote from:

http://www.tradekey.com/company/Kingtech-Electronic-Technology-Limited-5813749.html

"Shenzhen Kingtech digital Co., Ltd. is a leading manufacturer, expert designer and OEM/ODM supplier of digital consumer electronic products"


0
· · ·
Ghost Chili
Sean wolsey May 29, 2014 at 14:52 UTC

The name of the device vendor sounds like a mobile device (phone, tablet etc), more than likely android-based. I'll repeat the advice already given to block the MAC and see who gripes.


0
· · ·
Serrano
BD23502 May 29, 2014 at 15:08 UTC

Sean wolsey wrote:

The name of the device vendor sounds like a mobile device (phone, tablet etc), more than likely android-based. I'll repeat the advice already given to block the MAC and see who gripes.

Agreed. Block and wait for the whining.
0
· · ·
Sonora
Dimitris9789 May 29, 2014 at 15:31 UTC

I blocked the device from all APs and it is still replying to PINGs at times. It may be something that is connected to the LAN somehow by accident - I will check for rogue APs but I hope it is not the case.


0
· · ·
Thai Pepper
Mac mad May 29, 2014 at 15:39 UTC

What are you running DHCP on?

If it's Windows 2008 and above, you can put the MAC address in the Block list to prevent it getting an IP address altogether.


0
· · ·
Sonora
Dimitris9789 May 29, 2014 at 15:45 UTC

It is a Windows 2008 DHCP server (not R2)


0
· · ·
Jalapeno
jabeatty May 29, 2014 at 15:47 UTC

Under IPv4, Filters, Deny - add a new filter for that particular MAC address.


0
· · ·
Poblano
Best Answer
eaglefly21 May 29, 2014 at 15:51 UTC

Kind of obvious, but scan with discoverhotmail.com? If discoverhotmail.com is reading data from your switches, you might get lucky and find out the port it is connected to. OR you could check the MAC table on each switch to see which port that MAC address is coming from, and follow the switches back to the offending port. HTH and good luck! Been there, done that!


0
· · ·
Datil
stevemoores May 29, 2014 at 16:55 UTC

I used to use the Cisco l2trace and traceroute mac commands a lot when I worked in an Educational environment. Instead of manually looking at the CAM tables it would take me to the exact switch and port it was on quickly. Oddly, in the environment I work in now I haven't had to do that in a long time. I suppose because we are the only ones that plug anything into the network :)

I wonder if it wouldn't be possible to write something that would help with this even if the switches weren't Cisco... Hum...


1
· · ·
Mace
brianwhelton May 29, 2014 at 17:40 UTC

Whelton Network Solutions is an IT service provider.

Silly question, it's not your DHCP server is it?!


0
· · ·
Sonora
Dimitris9789 May 29, 2014 at 17:46 UTC

Well, I seem to have identified the switch where this MAC is connected to and will go network-port searching tomorrow. It may still be a Wireless MAC address of an AP that was connected to the wrong VLAN.

Thank you for all your suggestions.


0
· · ·
Chipotle
magomez96 May 29, 2014 at 19:16 UTC

Block it or throttle the internet connection to 56k and see who complains.


0
· · ·
Poblano
eaglefly21 May 29, 2014 at 19:19 UTC

Keep us posted..... Would love to know what it turns out to be!


0
· · ·
Sonora
Dimitris9789 May 30, 2014 at 10:12 UTC

Mystery solved: it was an OEM Android phone of one of our interns. Hard to track, as the person is moving from building to building. Checking the MAC address dynamic tables of the switches and the connected devices of Access Points made the tracking possible for me.

Many thanks to the discoverhotmail.com. Have a rocking weekend.


3
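
Added example, not code from any poster in this thread: the procedure the replies describe (check the MAC table on each switch, then follow the switches back to the offending port) scripted in a vendor-neutral way over saved "show mac address-table" style output. The switch names, port layout and full target MAC are constructed (only the C8:7D:77 prefix comes from the thread), and ranking ports by how many MACs they learn is an assumed heuristic for telling uplinks from edge ports.

```python
import re
from collections import defaultdict

# One data row of "show mac address-table" style output: VLAN, MAC, type, port.
HEX = "[0-9A-Fa-f]"
MAC = rf"(?:{HEX}{{4}}\.{HEX}{{4}}\.{HEX}{{4}}|(?:{HEX}{{2}}[:-]){{5}}{HEX}{{2}})"
ROW = re.compile(rf"^\s*(\d+)\s+({MAC})\s+\S+\s+(\S+)\s*$")

def normalize_mac(mac):
    """Reduce colon, dash or Cisco dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    """Return [(vlan, mac, port)]; header and separator lines do not match ROW."""
    found = (ROW.match(line) for line in text.splitlines())
    return [(int(m[1]), normalize_mac(m[2]), m[3]) for m in found if m]

def locate(mac, tables):
    """Return [(switch, port, vlan, macs_on_port)], likeliest edge port first."""
    target = normalize_mac(mac)
    hits = []
    for switch, text in tables.items():
        rows = parse_table(text)
        per_port = defaultdict(set)
        for _, seen, port in rows:
            per_port[port].add(seen)
        hits += [(switch, port, vlan, len(per_port[port]))
                 for vlan, seen, port in rows if seen == target]
    # Heuristic: an uplink learns every MAC behind it, an edge port only a few.
    return sorted(hits, key=lambda hit: hit[3])

# Constructed sample tables (names, ports and the full target MAC are made up).
TABLES = {
    "core-sw": """
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  45    0018.b945.d5a9    DYNAMIC     Gi0/1
  45    0018.b945.f780    DYNAMIC     Gi0/1
  45    c87d.7700.0001    DYNAMIC     Gi0/1
""",
    "floor2-sw": """
  45    0018.b945.d5a9    DYNAMIC     Fa0/19
  45    0018.b945.f780    DYNAMIC     Fa0/5
  45    c87d.7700.0001    DYNAMIC     Fa0/7
""",
}
print(locate("C8:7D:77:00:00:01", TABLES))
```

The first entry returned is the port that learns the fewest MACs, which is where to start tracing the cable; a port that reports many MACs is most likely a link to another switch or an AP.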

This topic has been locked by an administrator and is no longer open for commenting.