Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
mvs132019-05-23 11:07:47
Computer networks
mvs13, 2019-05-23 11:07:47

Should I be afraid of extraneous ip-addresses on the local network?

There is a local area network of the organization on 120 computers. The network uses addressing 10.0.0.0/20. Once it was discovered that there was a node on the network with the address 192.168.0.169. ping of the device is stable, but not typical for the local network, more than 30 ms. arp did not give the MAC address of this device. trace showed that the device is outside our network, it is behind the IP address of someone else's provider. A pfSense gateway with LANs and bogons blocked on its external interface. I am lost in conjecture, what kind of device is this and how is it present in our local network?
Is it possible to determine how this device gained access to our local network?
Is it possible to somehow avoid the appearance of such nodes in the local network in the future?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
#
#, 2019-05-23
@mindtester

Should I be afraid of extraneous ip-addresses on the local network?
if there are secrets / values ​​​​in the network - definitely YES, you should be wary
of all the more intranet addresses, the trace to which goes beyond the limits of the LAN
what to do:
- try to investigate (maybe one of the employees raises a VPN home?)
- try to block the address / routing ( but you have to be prepared for the fact that something necessary will fall off, such as an external security webcam?))).. but [maybe] you will know exactly what it is ;))

Report
S
Sergey Ryzhkin, 2019-05-23
@Franciz

There was a topic recently: Block addresses on the network . Maybe you can try to implement something similar.

Report
V
Viktor, 2019-05-23
@necroic

clarify please
How was it discovered?
Was the trace going through your router?
What does this mean? Blocked how? Access to you blocked or from you?
I don’t really understand what the problem is if this address is outside your network.
If it's inside, what does it indicate?
If you do not use Vlans, then the poppy does not see that this node is behind your router.
You never know what the provider has there and how it works.

Similar questions
K
Kirill Ostrovsky2017-06-08 11:38:06
Parameter value in Google Analytics? 7Reply
M
MusicMan_082016-10-21 13:24:46
How to make an online timetable? 4Reply
T
TroyashkA2014-10-23 16:29:01
What is the name of this architectural decision/pattern? 0Reply
D
Denis Labutin2019-03-22 00:25:12
I can't access the device from the local network, how to solve? 1Reply
D
Dj0cker2019-03-22 13:39:56
Which router to put in the office for 60 devices? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question