Ghost in the machine

  • 6 January 2017
  • 28 replies
  • 1860 views

Userlevel 6
Badge +17
A couple of days ago and every day since I checked my Windows 10 Network and observed some strange devices that showed up on it. My PC is Ethernet-connected only; I am using a TP Link Archer C7 wireless router.
 
After much research, I found people have been complaining about this (Windows 8, too) since 2013 and as recently as December 2016.
 
The number of threads is huge, including from MS itself, and I don't believe any of the reasons for this stuff happening or most of the suggested solutions.
 
Most suggestions are that machines are picking up nearby devices or drive-by's. I don't believe that explanation because most of the specific device names are the same in many cases with people spread out all over the USA and beyond. Here's just one example of somebody else that saw "full-ford":
 
http://www.overclock.net/t/1583033/strange-unknown-devices-on-my-network
 
I've noticed the stuff that shows up has a MAC address, but no IP. In most cases the devices disappear after a few seconds.
 
Another strange thing is how some of the devices are associated with Amazon or Amazon protocols. I do not think this phenomenon is isolated to individuals' locations or wireless devices because of the common device names involved.
 
You Webroot folks are the security experts; that's why I wrote this here. Here are some screen shots for your enjoyment. The devices that do not belong are DL701Q; MaxGuava; angler; full-giza and full-ford:
 


 
 


 
 


 
 


 
 


 
 


 
 


 
 
 
 
 

28 replies

Hi rbarrow,
 
A Google search of the device name "DL701Q" comes up with a very cheap tablet sold on Amazon. There are probably thousands of them in any given state. When you say they show up in your network do you mean they are connected to your router/internet or they just appear when you scan for wireless networks/devices? I am only able to see the top pic that you posted and from the looks of it the device is showing up in "This PC/My Computer" or "Network"  page which is odd. When phones and game consoles show up there it usually means they are connected to your network via UPnP. If you don't have devices that use UPnP (game console, cctv system, media server, etc.) I would disable it (UPnP) in your router settings. Personally, I would reset my router as well, new username, new password, but that's up to you. If you have a lot of custom settings, like I do, it could be a real pain. My router has the option to block devices by MAC address. You could possibly go that route, too. (Check in your router settings to see if unknown devices are connected to your network. My settings show all devices connected, either via ethernet cable or WiFi, at any given time, including IP and MAC addresses. I can delete their DHCP lease and ban their IP or MAC address, too) I'd be suspicious if this was my PC. If you have Webroot installed and you are unsure and want the experts in support to check your PC for you then you may also submit a trouble ticket, free of charge with subscription.
 
If you are not familiar with your router settings then I would not mess around in there. You could really mess things up. But there is usually a reset button on them. Resetting the router or even just choosing a new username/password is relatively easy, though. You can usually find detailed directions by Googling the router model make/model. If resetting, be sure you know the default username, password, and IP address to the router before resetting so you can reconnect afterward.
 
Hope this info helps. Let us know what you discover. ;)
 
BD
 
Userlevel 6
Badge +17
BD-- Thanks for getting this into the techie group.
 
Here's another thread of a couple of years worth of frustrations right up to the present.
 
http://www.tomshardware.com/answers/id-2323152/network-discovery-unknown-devices-found-network.html
 
In some cases a person's own device was the culprit. In others, disappearing stuff from sight was the answer, but obviously not a good solution.
 
Since my PC is connected to Ethernet and not Wi-Fi, I'm gonna try hooking it up directly to my cable modem, bypassing my router that I'll power down. Then, I'll boot up and observe if my network sees anything strange.
Userlevel 6
Badge +17
Thought I'd buy some time before going outside to tackle six inches of snow in 13 degree weather here in southwest Virginia...
 
So, I literally pulled the plug on my wireless router, plugged my PC directly into the Ethernet output of my cable modem and booted up. Predictably, nothing unusual showed up in my Network list except what belonged there.
 
My router, unplugged for over 1/2 hour had plenty of time to do whatever uplugged routers do. Then I reconnected the entire shootin' match, booted up and looked at my Network list of things--nothing that didn't belong. Hmmm.
 
I checked at least three times and with several refreshes. Nothing. I just checked before posting this. Nothing.
 
Did the ghosts take the weekend off? Stay tuned.
Userlevel 6
Badge +17
This morning another phone appeared on my network list; so something escaped from my Ecto Containment Unit. As before, there was a Mac address, no IP, and right after I grabbed a screen shot and refreshed my network list a couple of times, it disappeared.
 


 
 


 
The common theme is the devices have Mac addresses, no IP's, and disappear after several refreshes of the network list--only to reappear.
Userlevel 6
Badge +17
The best answer thus far was to disable SSID broadcasting on Wi-Fi. That appears to have worked.
Userlevel 7
Hello,
 
How close are you to a street? And how much traffic does it receive?

I believe this is an example of smartphones, smart devices, or even smart cars scanning your wifi. This does not mean that you are being targeted or that someone is attempting to hack you. Basically when someone drives by, their smartphone is picking up on your wifi and scanning it, in the event that they tried to connect. My phone does this all the time wherever I go as long as wifi is enabled. 
 
This would also explain why you see them appear, and then quickly disappear as they get out of range. I would check to see if WPS is enabled, and disable it if so. This is a router setting.
Userlevel 7
Badge +56
@ To me you should contact your ISP as we can't do anything for you from a Forum and it's not a WSA issue.
 
Daniel
Userlevel 6
Badge +17
James G.,
 
My router does not have a WPS setting, WDS is disabled and it's as locked down as I technically could do it. Your "drive-by" explanation is viable as I am close to a county road. I have seen nothing on my list since I stopped broadcasting my SSID.
 
Thanks,
 
Rick
I found this thread while searching for this issue and thought I should post.
 
I, too, have experienced this issue and I find the suggested solutions to be insufficient to explain what's happening here.
 
I bought a new wireless printer today and went to install it. On opening the "network" page in Windows 10 I noticed a device called "full_giza".  Curious about it, I googled it and found some forum posts about people wondering about full_giza and full_ford devices on their network. Then I saw that it had disappeared. For what it's worth, I don't own any amazon devices.
 
Poking around, I was refreshing my network page and then a Lenovo device showed up. Interestingly enough, the device is another 8" tablet. This is too strange to just be a coincidence.
 
I live in a very rural area and there's zero chance that someone is within my wifi range and just hopping on for short bursts. 
 
My network is a bit strange. I connect using a 4G verizon hotspot. I have an old linksys router with dd-wrt on it acting as a client for the hotspot. Connected to that I have a d-link router acting as a DHCP server and wireless access point. Connected to that d-link router I have two other identical d-links acting as access points in other buildings.
 
Here's a shot of the two devices I'm seeing: http://i.imgur.com/ZUWnSBZ.png
 
Any ideas?
So I've been noticing for months that "something" kept happening in the network window but it was always very fast and I'd miss what actually happened. Today, full_ford.

I own 0 Amazon devices, I am home alone, I'm connected to the router via ethernet, the router is broadcasting but is passworded - using WPA/WPA2 PSK. Someone driving by or even a neighbor, unless they've previously stopped and hacked my router specifically, doesn't make sense... right?

Any suggestions?
Userlevel 6
Badge +17
Dear IronSkillet,
Welcome to the forum! I have no suggestions because the answer (as far as I know) remains a mystery. I gave up a while ago after being abused on another forum. At least here at Webroot everybody is civil and helpful--as you'll soon learn.
 
So my answer is "Resistance Is Futile."
Enjoy your time here, and keep your network locked down.
--Rick
Perfect Summary and Analysis of my Identical Problem!
I have just noticed that I've full_ford on my lap top.The only identifying items on it state Amazon .Again no IP just a MAC address.Ive been having problems with one of my email accounts since 04/07/2017 and I'm unable to receive any of my emails from that account onto my iPhone but can get them on my laptop.Now I'm wondering if this has something to do with it !!!!!!ANY help or advice will be gladly received
Userlevel 1
Badge +7
Just realized this was happening to me as well.  full_giza and a Dell Venue 8 tablet
I've just had this happen, too. Noticed full_ford network on my Windows Network tab, then it was gone. Haven't logged any new clients on my router.

Is it possible this is a Bluetooth thing? I do live by a busy road, and never even thought about the fact that my computer had bluetooth, just to find now that it's "Discoverable as [computer name]" in the Bluetooth & other devices page in Windows 10. Oops. Anyone else? It does seem plausible that car bluetooth systems could be popping up when in range of my bluetooth radio, although lardlad00 said he's in a rural area, so maybe not. Are you close to a road at all?

One other thought - I recently installed some AWS developer tools, including Docker. I know some virtual network devices got installed in the process, but didn't pay as close of attention as I should... anyone else work with AWS stuff? Seems like it could relate to the Amazon device tag at least.

Finally, and I hope this isn't the case... is there any chance we've all been compromised by a similar malware? Anyone have any ideas on other patterns we could look for? I get the whole wipe your network config and start fresh perspective... but would love to figure this out, too.
I've just recently noticed full_ford a couple of times., only showing up for a minute then vanishing Realized my onboard Bluetooth radio was turned on. Turned it off and haven't seen it since. Anyone else have Bluetooth? Makes the passing car theory a bit more plausible, I think.
My Bluetooth is off.  I use 24-bit network encryption to help protect it.  Nevertheless, "douglas" is a consistant squatter on my network.  Apparaently he's an Amazon device with a MAC address that's associated with Amazon (as the vendor).  I can't fiind a link between his model number (KFDOW) and a specific device, but he's always chilling in the computer section of my network system files.
 
When I remember to check for his presence, he's always there.  When I access his properties, he becomes skittish and disappears.  He always returns, though.  How do I evict him (and re-key the locks)?  He would have had to change my network settings to allow him access to the network (but I don't claim a great understanding of network configurations).
 
 

Forgot to note that I live 0.25 mi. from the nearest paved road (on 7.5 acres).  I can't detect any wireless routers except mine, so at least for me, neighbors probably aren't tampering with my equipment.
Weird. I haven't seen full_ford since I shut my bluetooth off, but I did just see "douglas" for the first time. Seen several other threads, someone has to know what these are, right?
Saw this on another similar post, try disabling the Windows Connect Now service (WPS) and see if that stops the devices from showing up. So far so good for me.
My ghost is named full_biscuit.
He is new and showed up right after I installed a new TP-Link router, no prior visitations by anyone.
Could TP-Link be the commonality?
Userlevel 7
Badge +59
It sounds like your seeing other Wi-Fi networks so I wouldn't worry about it and you can see this from Microsoft: https://goo.gl/uuo2Pr and here: https://goo.gl/TvYp1c for other possible reasons.
 
Daniel
    This may be the most frustrating problem I have ever encountered on a computer. How is it possible that people that live on different sides of the planet are catching the exact same "Drive-By" devices on their network? FULL-FORD, FULL-GIZA, FULL-BISCUIT, DOUGLAS. 
    The people that own these devices must do a lot of travelling because I'm in Georgia. Any chance that I & somebody in California both have a neighbor named "FULL-BISCUIT"?
    It's odd that any time I google the name of an unknown device on my network, there is always someone who has posted on some forum that they have same device name appearing on their network.
    
Hi Darryl,

Welcome to the Webroot Community,

From what I've read about "full_biscuit", some people say this may be caused by Amazon echo, or other Amazon devices, like Alexa or dot.
Do you have one of these?

Just curious,
Thanks for your reply, I assure you that I have no Amazon devices. These devices have names that are created by user. So it is unlikely that we all have Amazon devices that we have setup with the name full_biscuit but none of us remember doing so.
Look at the similarity in the names, full-ford, full-giza, full-biscuit. Take into consideration that they all are Amazon devices with no info other than MAC address. 
You have to rule out picking up a neighbor's network or some drive by phone thing. 

Reply