Ghost in the machine

  • 6 January 2017
  • 28 replies
  • 2675 views

Userlevel 6
Badge +17
A couple of days ago and every day since I checked my Windows 10 Network and observed some strange devices that showed up on it. My PC is Ethernet-connected only; I am using a TP Link Archer C7 wireless router.

 

After much research, I found people have been complaining about this (Windows 8, too) since 2013 and as recently as December 2016.

 

The number of threads is huge, including from MS itself, and I don't believe any of the reasons for this stuff happening or most of the suggested solutions.

 

Most suggestions are that machines are picking up nearby devices or drive-by's. I don't believe that explanation because most of the specific device names are the same in many cases with people spread out all over the USA and beyond. Here's just one example of somebody else that saw "full-ford":

 

http://www.overclock.net/t/1583033/strange-unknown-devices-on-my-network

 

I've noticed the stuff that shows up has a MAC address, but no IP. In most cases the devices disappear after a few seconds.

 

Another strange thing is how some of the devices are associated with Amazon or Amazon protocols. I do not think this phenomenon is isolated to individuals' locations or wireless devices because of the common device names involved.

 

You Webroot folks are the security experts; that's why I wrote this here. Here are some screen shots for your enjoyment. The devices that do not belong are DL701Q; MaxGuava; angler; full-giza and full-ford:

 



 

 



 

 



 

 



 

 



 

 



 

 



 

 

 

 

 

28 replies

Okay I have definitive proof that the devices showing up on my network are fictitous. I'm including a screen shot of the latest called "argonglobal".



This is clearly a fictitous device. No one uses a Blackberry anymore.



I recently found someone in Washington that was also getting a full_ford device showing up on his network. It had the same MAC address as mine & I live in Georgia. 

My router doesn't block MAC addresses but I doubt it would do any good, anyway.
Same problem here.  full_giza appears and disappears.  I added its MAC address to my router reject filter and haven't seen it since. 

 

But also I am seeing a transient 'network infrastructure' device show up on my File Explorer network display.  I have an ASUS RT-AC66U_B1 router, but occasionally I also see a Linksys E8350 router appear.  Both of these devices will appear and disappear from the File Explorer display, but only the ASUS should be there.  I am connected to a Ubee DVW32CB modem that can serve as a wireless router, but I am not using that function.  I don't see any info on the modem that suggests that an embedded E8350 is providing the router function.  The MAC address shown for the E8350 doesn't match the MAC addresses on the label of the modem.  ??????
I too now have various devices showing up in Windows 10 network. I ran advanced IP scanner and it found a second subnet.



 

 

 

 

 

The 172 octet is mine, the 192 is not. And it is unscannable. 

At first I thought it was an older Linksys that I run in WEP mode periodically for an old iBook but the random devices till pop in with that off.

Very interesting…

 

Reply