Unknown computer in Network Security Map

CherryTree

New Member
I have found another computer sitting under the protection of Norton 360 that does not belong to my household/family or friends. I discovered when I went into detailed settings in Norton that it was password protected, which I had not done. When I went to access my Norton account, I found that that password had been changed; I have used the same password, so I knew it well. When I entered the new password I found that the product I purchased earlier this year had not been downloaded. I knew that I had done this.

I spoke to an unhelpful technician at Norton, who would not give me any details as to when the Norton password was changed. I asked the Norton technician what Norton antivirus I was running; he stated that I was running a trial. I could not get out of him how long this 'trial' should last, as my last Norton subscription ran out in Feb 2014 and it is now Sept. Most trials don't last this long. Long story short, the actual purchased Norton 360 was downloaded and working well.

I went into Network Security Map, which showed a device sitting under the umbrella of my secure wireless connection. This device was not known to me, so I restricted access to my computer. In my security history it states "You restricted a computer. MAC-C8-B3-73-5D-19-79". This computer has been online on and off over the last couple of days. It also stated that now this MAC computer has been restricted, it no longer has access to my computer.

I assume I have been hacked/hijacked. I do not know when this MAC computer came to sit under my secured wireless connection. How could this MAC computer gain access and sit quietly under my secure wireless? How do I find who the owners are? What do the numbers written above mean? If it is online, does this mean that it is local, i.e. a neighbor?
 

Geoff

VIP Member
Wireless is never 100% secure; it's possible someone guessed your password or brute forced it.

The first thing I would do is make sure your wireless is using WPA2 encryption, and use a complex passphrase to protect that network, nothing that is a single or combination of dictionary only words.

Once you change your password, you should see that unknown client disappear from your network, and most likely for quite a while until they can compromise the passphrase again.

The combination of numbers and letters is the MAC address, and is a unique ID associated to every network device.
 

CherryTree

New Member
I changed the password, unfortunately I am only using WPA as server would not allow me to use the other.

The MAC computer has not disappeared.
 

Geoff

VIP Member
> I changed the password, unfortunately I am only using WPA as server would not allow me to use the other.
>
> The MAC computer has not disappeared.

What do you mean the server doesn't allow the other? What server? It's a setting on the wireless router/AP.
 

CherryTree

New Member
Okay so I have a new modem with WPA2, and that computer is still sitting under my wireless connection. I even have a new password. I don't know what else to do?
 

Geoff

VIP Member
> Okay so I have a new modem with WPA2, and that computer is still sitting under my wireless connection. I even have a new password. I don't know what else to do?

Log into your new wireless router, and there should be a place to view connected clients. This would be the best way to see if there is anyone else on your network; it's possible the software is having an issue.
 

paulcheung

Active Member
> Okay so I have a new modem with WPA2, and that computer is still sitting under my wireless connection. I even have a new password. I don't know what else to do?

Are you sure the device on your network is not the modem or a network printer? Or something on the network which is not a computer?
 

CherryTree

New Member
> Are you sure the device on your network is not the modem or a network printer? Or something on the network which is not a computer?

Okay so, with new modem I have now restricted yet another computer with different numbers, that is two different computers. I haven't restricted the modem as I can still access the internet and it is not the printer either. I don't have anything else other than the computer.

I have disabled Bluetooth as I don't need it and see this as a potential risk. The whole thing is really strange.
 

beers

Moderator
Staff member
If you arp -a in command prompt, what IP are they associated with? Can you browse to that address in Chrome or similar?

The original MAC you provided has a known vendor ID field of Linksys. Also, please note that MAC does not mean "MAC Computer". It's a hardware address for any network interface such as wireless or wired connections. Therefore, the PC you are reading this on has its own unique MAC address for the network card.

I'd find it unlikely that someone is cracking your credentials through multiple iterations for negligible benefit. The fact that Norton refers to MAC as a computer is irritating to me, but that is just from spending too much time in the networking field :p
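
The `arp -a` check and vendor-ID lookup suggested above, as an added example that is not part of the original post: it parses Windows `arp -a` output, skips broadcast/multicast entries, flags locally administered (randomized or virtual) addresses for which a vendor lookup is meaningless, and lists neighbours missing from your own device inventory. The sample output, IP addresses, inventory and function names are constructed for illustration; only the MAC C8-B3-73-5D-19-79 and its Linksys prefix come from the thread.

```python
import re

# Constructed sample of Windows `arp -a` output; only the MAC
# C8-B3-73-5D-19-79 (reported by Norton in the thread) is from the page.
SAMPLE_ARP = """\
Interface: 192.168.1.20 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.12          c8-b3-73-5d-19-79     dynamic
  192.168.1.34          da-a1-19-00-11-22     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Vendor prefix named in the thread; extend from the IEEE OUI registry.
KNOWN_OUIS = {"C8-B3-73": "Linksys"}

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)

def classify(mac):
    """Classify a MAC by the two low bits of its first octet."""
    first = int(mac[:2], 16)
    if first & 0x01:
        return "broadcast/multicast"   # group bit set: not a single device
    if first & 0x02:
        return "locally administered"  # randomized or virtual: no real vendor prefix
    return "vendor assigned"

def audit(arp_text, inventory):
    """Return unicast neighbours from `arp -a` output that are not in the inventory."""
    findings = []
    for line in arp_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        ip, mac = m.group(1), m.group(2).upper()
        kind = classify(mac)
        if kind == "broadcast/multicast" or mac in inventory:
            continue
        vendor = KNOWN_OUIS.get(mac[:8], "unknown") if kind == "vendor assigned" else "n/a"
        findings.append({"ip": ip, "mac": mac, "kind": kind, "vendor": vendor})
    return findings

if __name__ == "__main__":
    my_devices = {"00-11-22-33-44-55"}  # hypothetical: MACs you have identified as yours
    for f in audit(SAMPLE_ARP, my_devices):
        print(f"{f['ip']:<15} {f['mac']}  {f['kind']:<21} vendor={f['vendor']}")
```

Build the inventory from the labels on your own devices or their network settings pages, then compare the result with the router's connected-clients list.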
 

CherryTree

New Member
> If you arp -a in command prompt, what IP are they associated with? Can you browse to that address in Chrome or similar?
>
> The original MAC you provided has a known vendor ID field of Linksys. Also, please note that MAC does not mean "MAC Computer". It's a hardware address for any network interface such as wireless or wired connections. Therefore, the PC you are reading this on has its own unique MAC address for the network card.
>
> I'd find it unlikely that someone is cracking your credentials through multiple iterations for negligible benefit. The fact that Norton refers to MAC as a computer is irritating to me, but that is just from spending too much time in the networking field :p

Thank you for your time. Neither address belonged to either modem. I did cross reference with the first and then again with the second. I just had a technician out and he clarified that neither of them belonged to the two modems. Neither belongs to my PC hardware either.

Is it common for Norton to call an address a computer? I tried purging them out of Norton, only to find both returning.
 