Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
mvs132019-05-23 11:07:47
Computer networks
mvs13, 2019-05-23 11:07:47

Should I be afraid of extraneous ip-addresses on the local network?

There is a local area network of the organization on 120 computers. The network uses addressing 10.0.0.0/20. Once it was discovered that there was a node on the network with the address 192.168.0.169. ping of the device is stable, but not typical for the local network, more than 30 ms. arp did not give the MAC address of this device. trace showed that the device is outside our network, it is behind the IP address of someone else's provider. A pfSense gateway with LANs and bogons blocked on its external interface. I am lost in conjecture, what kind of device is this and how is it present in our local network?
Is it possible to determine how this device gained access to our local network?
Is it possible to somehow avoid the appearance of such nodes in the local network in the future?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
#
#, 2019-05-23
@mindtester

Should I be afraid of extraneous ip-addresses on the local network?
if there are secrets / values ​​​​in the network - definitely YES, you should be wary
of all the more intranet addresses, the trace to which goes beyond the limits of the LAN
what to do:
- try to investigate (maybe one of the employees raises a VPN home?)
- try to block the address / routing ( but you have to be prepared for the fact that something necessary will fall off, such as an external security webcam?))).. but [maybe] you will know exactly what it is ;))

Report
S
Sergey Ryzhkin, 2019-05-23
@Franciz

There was a topic recently: Block addresses on the network . Maybe you can try to implement something similar.

Report
V
Viktor, 2019-05-23
@necroic

clarify please
How was it discovered?
Was the trace going through your router?
What does this mean? Blocked how? Access to you blocked or from you?
I don’t really understand what the problem is if this address is outside your network.
If it's inside, what does it indicate?
If you do not use Vlans, then the poppy does not see that this node is behind your router.
You never know what the provider has there and how it works.

Similar questions
I
Ivan Sokhin2015-10-21 01:46:30
Can you name a star? 2Reply
D
Denis Goltsev2015-10-21 08:18:06
What should be the routes for Site to Site OpenVpn? 4Reply
M
Milfgard2011-08-10 21:48:33
How to find the metro station by address? 1Reply
M
MadWastefield2018-02-24 19:19:59
Do you have a LAN switch for sale? 4Reply
D
Dmitry2018-02-24 23:30:05
How to add a static route to a different subnet? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question