• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Security issue in my network somewhere...?

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
I've been having some strange things going on lately. Long story short - someone just earlier tonight made an account here at TPU and tried to stir up some trouble... but their account appears to be logged in with my own IP address! My fiancee also says she's had issues in the past on Facebook with other people getting strange messages coming from her with our IP address, but it wasn't her sending them. Apparently, she took it up with Facebook and they dug deeper on that issue and they found out it was actually coming from Wisconsin. If there's a security issue somewhere, I'm not sure where it could be. Whatever it is, it's not something as glaringly obvious as an unsecured Wi-Fi network. What should I do to look for security issues?
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,956 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
What's your network and computer setup like?

Try changing Wifi passwords
 
Joined
Mar 28, 2018
Messages
1,791 (0.82/day)
Location
Arizona
System Name Space Heater MKIV
Processor AMD Ryzen 7 5800X
Motherboard ASRock B550 Taichi
Cooling Noctua NH-U14S, 3x Noctua NF-A14s
Memory 2x32GB Teamgroup T-Force Vulcan Z DDR4-3600 C18 1.35V
Video Card(s) PowerColor RX 6800 XT Red Devil (2150MHz, 240W PL)
Storage 2TB WD SN850X, 4x1TB Crucial MX500 (striped array), LG WH16NS40 BD-RE
Display(s) Dell S3422DWG (34" 3440x1440 144Hz)
Case Phanteks Enthoo Pro M
Audio Device(s) Edifier R1700BT, Samson SR850
Power Supply Corsair RM850x, CyberPower CST135XLU
Mouse Logitech MX Master 3
Keyboard Glorious GMMK 2 96%
Software Windows 10 LTSC 2021, Linux Mint
Could probably use a packet sniffer like Wireshark to see where on your network the traffic is coming from.
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
What's your network and computer setup like?

Try changing Wifi passwords

I'm thinking my wifi password would be pretty hard to crack, and damn near impossible to just guess, but I suppose it's something worth doing.

I've got a modem (modem only, not a modem/router combo) connected to my own wifi router (RT-N66R, flashed with Tomato). As I've mentioned before, the wifi has a strong password that would be pretty hard to crack... other than that, I've got ethernet running to a few PCs and game consoles and such.

Could probably use a packet sniffer like Wireshark to see where on your network the traffic is coming from.

I can try to take a look at that, but I've never used a tool like that before.

Still, none of this explains to me how someone could appear to be sending messages on Facebook from our IP, but actually being in Wisconson. Obviously, there's no way our wifi reaches all the way over there...
 
Joined
Mar 28, 2018
Messages
1,791 (0.82/day)
Location
Arizona
System Name Space Heater MKIV
Processor AMD Ryzen 7 5800X
Motherboard ASRock B550 Taichi
Cooling Noctua NH-U14S, 3x Noctua NF-A14s
Memory 2x32GB Teamgroup T-Force Vulcan Z DDR4-3600 C18 1.35V
Video Card(s) PowerColor RX 6800 XT Red Devil (2150MHz, 240W PL)
Storage 2TB WD SN850X, 4x1TB Crucial MX500 (striped array), LG WH16NS40 BD-RE
Display(s) Dell S3422DWG (34" 3440x1440 144Hz)
Case Phanteks Enthoo Pro M
Audio Device(s) Edifier R1700BT, Samson SR850
Power Supply Corsair RM850x, CyberPower CST135XLU
Mouse Logitech MX Master 3
Keyboard Glorious GMMK 2 96%
Software Windows 10 LTSC 2021, Linux Mint
I can try to take a look at that, but I've never used a tool like that before.
It's been a while since I've used it. I'd say look for traffic from a device with a MAC address that none of your devices have.

Your router probably has a feature to log things that happen on your network too.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,956 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
from our IP, but actually being in Wisconson
IP to location mappings are hand-crafted databases that can be out of date or inaccurate. What makes you think "Wisconsin"?
 
  • Like
Reactions: hat

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
IP to location mappings are hand-crafted databases that can be out of date or inaccurate. What makes you think "Wisconsin"?
No idea. She said she contacted Facebook about the issue (that is, people getting messages from her that she didn't send) and they initially said it came from our IP, but then they dug deeper and they said it came from Wisconsin. That's all I know about it. This happened quite a while ago, and I'm always hearing things about people having trouble with Facebook, so I just chalked it up to Facebook weirdness. Strange accounts connecting to TPU with our IP address has me more concerned.
 
Joined
Jan 31, 2010
Messages
5,363 (1.04/day)
Location
Gougeland (NZ)
System Name Cumquat 2021
Processor AMD RyZen R7 7800X3D
Motherboard Asus Strix X670E - E Gaming WIFI
Cooling Deep Cool LT720 + CM MasterGel Pro TP + Lian Li Uni Fan V2
Memory 32GB GSkill Trident Z5 Neo 6000
Video Card(s) Sapphire Nitro+ OC RX6800 16GB DDR6 2270Cclk / 2010Mclk
Storage 1x Adata SX8200PRO NVMe 1TB gen3 x4 1X Samsung 980 Pro NVMe Gen 4 x4 1TB, 12TB of HDD Storage
Display(s) AOC 24G2 IPS 144Hz FreeSync Premium 1920x1080p
Case Lian Li O11D XL ROG edition
Audio Device(s) RX6800 via HDMI + Pioneer VSX-531 amp Technics 100W 5.1 Speaker set
Power Supply EVGA 1000W G5 Gold
Mouse Logitech G502 Proteus Core Wired
Keyboard Logitech G915 Wireless
Software Windows 11 X64 PRO (build 23H2)
Benchmark Scores it sucks even more less now ;)
could be a case of IP address spoofing where they haven't actually penetrated your network but are using your IP address in the form of spoofed packet headers
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
It's been a while since I've used it. I'd say look for traffic from a device with a MAC address that none of your devices have.

Your router probably has a feature to log things that happen on your network too.

You mean in the "Source" tab, right? This should expose a device on my network that shouldn't be there. However, I should be able to see this information in my router, anyway.

could be a case of IP address spoofing where they haven't actually penetrated your network but are using your IP address in the form of spoofed packet headers

I'm not sure how one would do this, but if this were the case (and probably likely if I am indeed being attacked) that probably means there isn't anything I can do about it, and my own network itself remains intact, correct?
 
Joined
Jan 31, 2010
Messages
5,363 (1.04/day)
Location
Gougeland (NZ)
System Name Cumquat 2021
Processor AMD RyZen R7 7800X3D
Motherboard Asus Strix X670E - E Gaming WIFI
Cooling Deep Cool LT720 + CM MasterGel Pro TP + Lian Li Uni Fan V2
Memory 32GB GSkill Trident Z5 Neo 6000
Video Card(s) Sapphire Nitro+ OC RX6800 16GB DDR6 2270Cclk / 2010Mclk
Storage 1x Adata SX8200PRO NVMe 1TB gen3 x4 1X Samsung 980 Pro NVMe Gen 4 x4 1TB, 12TB of HDD Storage
Display(s) AOC 24G2 IPS 144Hz FreeSync Premium 1920x1080p
Case Lian Li O11D XL ROG edition
Audio Device(s) RX6800 via HDMI + Pioneer VSX-531 amp Technics 100W 5.1 Speaker set
Power Supply EVGA 1000W G5 Gold
Mouse Logitech G502 Proteus Core Wired
Keyboard Logitech G915 Wireless
Software Windows 11 X64 PRO (build 23H2)
Benchmark Scores it sucks even more less now ;)
Try asking your ISP to give you a new IP address that should stop spoofing in its tracks if that's what is happening but I'd also change the Pword for your network wifi and modem login
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
Try asking your ISP to give you a new IP address that should stop spoofing in its tracks if that's what is happening but I'd also change the Pword for your network wifi and modem login
I can change my own IP all day my changing my router's MAC address... but then that wouldn't explain where it came from in the first place. If they got me the first time, "they" can just as easily do it again, no?
 
Joined
Mar 15, 2013
Messages
3,624 (0.90/day)
Location
GMT +2
System Name Red Radiance l under construction
Processor 5800x
Motherboard x470 taichi
Cooling stock wrath
Memory TridentZ Neo rgb 3600mhz (2x8 kit)
Video Card(s) Sapphire Vega 64 nitro+
Storage 970 evo nvme
Display(s) lc27g75tq
Case tt core x5 tge
Audio Device(s) sennheiser's pc323d usb soundcard
Power Supply corsair AX860i
Mouse roccat burst pro
Keyboard roccat ryos mk fx
Software windows 10
in the wifi router under status you have logs tab. check there for info about events for the router (connected devices, logins to router etc.)
also add mac filtering and ip reservation for lan/wifi and then limit available ips for dhcp only to the range needed for your devices.
 
Joined
Jan 17, 2010
Messages
12,280 (2.37/day)
Location
Oregon
System Name Juliette // HTPC
Processor Intel i7 9700K // AMD Ryzen 5 5600G
Motherboard ASUS Prime Z390X-A // ASRock B550 ITX-AC
Cooling Noctua NH-U12 Black // Stock
Memory Corsair DDR4 3600 32gb //G.SKILL Trident Z Royal Series 16GB (2 x 8GB) 3600
Video Card(s) ASUS RTX4070 OC// GTX 1650
Storage Samsung 970 EVO NVMe 1Tb, Intel 665p Series M.2 2280 1TB // Samsung 1Tb SSD
Display(s) ASUS VP348QGL 34" Quad HD 3440 x 1440 // 55" LG 4K SK8000 Series
Case Seasonic SYNCRO Q7// Silverstone Granada GD05
Audio Device(s) Focusrite Scarlett 4i4 // HDMI to Samsung HW-R650 sound bar
Power Supply Seasonic SYNCRO 750 W // CORSAIR Vengeance 650M
Mouse Cooler Master MM710 53G
Keyboard Logitech 920-009300 G512 SE
Software Windows 10 Pro // Windows 10 Pro
Could someone have your IP and be out to cause you problems using a proxy ?
 
  • Like
Reactions: hat
Joined
Jan 31, 2010
Messages
5,363 (1.04/day)
Location
Gougeland (NZ)
System Name Cumquat 2021
Processor AMD RyZen R7 7800X3D
Motherboard Asus Strix X670E - E Gaming WIFI
Cooling Deep Cool LT720 + CM MasterGel Pro TP + Lian Li Uni Fan V2
Memory 32GB GSkill Trident Z5 Neo 6000
Video Card(s) Sapphire Nitro+ OC RX6800 16GB DDR6 2270Cclk / 2010Mclk
Storage 1x Adata SX8200PRO NVMe 1TB gen3 x4 1X Samsung 980 Pro NVMe Gen 4 x4 1TB, 12TB of HDD Storage
Display(s) AOC 24G2 IPS 144Hz FreeSync Premium 1920x1080p
Case Lian Li O11D XL ROG edition
Audio Device(s) RX6800 via HDMI + Pioneer VSX-531 amp Technics 100W 5.1 Speaker set
Power Supply EVGA 1000W G5 Gold
Mouse Logitech G502 Proteus Core Wired
Keyboard Logitech G915 Wireless
Software Windows 11 X64 PRO (build 23H2)
Benchmark Scores it sucks even more less now ;)
I can change my own IP all day my changing my router's MAC address... but then that wouldn't explain where it came from in the first place. If they got me the first time, "they" can just as easily do it again, no?

wouldn't that only change the IP your modem gives your router and not the actual IP address the internet see's
 
  • Like
Reactions: hat
Joined
Jul 16, 2014
Messages
8,115 (2.29/day)
Location
SE Michigan
System Name Dumbass
Processor AMD Ryzen 7800X3D
Motherboard ASUS TUF gaming B650
Cooling Artic Liquid Freezer 2 - 420mm
Memory G.Skill Sniper 32gb DDR5 6000
Video Card(s) GreenTeam 4070 ti super 16gb
Storage Samsung EVO 500gb & 1Tb, 2tb HDD, 500gb WD Black
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) - SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Steeseries Esports Wireless
Keyboard Corsair K100
Software windows 10 H
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
in the wifi router under status you have logs tab. check there for info about events for the router (connected devices, logins to router etc.)
also add mac filtering and ip reservation for lan/wifi and then limit available ips for dhcp only to the range needed for your devices.
to add to this, current routers can send the log to you via email, but they dont make it easy to do. I still havent got mine to work (netgear).
 

hat

Enthusiast
Joined
Nov 20, 2006
Messages
21,731 (3.43/day)
Location
Ohio
System Name Starlifter :: Dragonfly
Processor i7 2600k 4.4GHz :: i5 10400
Motherboard ASUS P8P67 Pro :: ASUS Prime H570-Plus
Cooling Cryorig M9 :: Stock
Memory 4x4GB DDR3 2133 :: 2x8GB DDR4 2400
Video Card(s) PNY GTX1070 :: Integrated UHD 630
Storage Crucial MX500 1TB, 2x1TB Seagate RAID 0 :: Mushkin Enhanced 60GB SSD, 3x4TB Seagate HDD RAID5
Display(s) Onn 165hz 1080p :: Acer 1080p
Case Antec SOHO 1030B :: Old White Full Tower
Audio Device(s) Creative X-Fi Titanium Fatal1ty Pro - Bose Companion 2 Series III :: None
Power Supply FSP Hydro GE 550w :: EVGA Supernova 550
Software Windows 10 Pro - Plex Server on Dragonfly
Benchmark Scores >9000
wouldn't that only change the IP your modem gives your router and not the actual IP address the internet see's
Nah, it gives me a whole new IP address. I've done it long ago and verified success with whatismyip.

Could someone have your IP and be out to cause you problems using a proxy ?

Seems the most likely scenario (or just some random troll)... seems nearly impossible to prevent, from what I can tell. I can change my IP, but that only works until it happens again. They had to have some way to get it in the first place.
 
Joined
Jul 25, 2006
Messages
12,014 (1.86/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
Try asking your ISP to give you a new IP address that should stop spoofing in its tracks if that's what is happening
I can change my own IP all day my changing my router's MAC address...
Ummm, that's not how it normally works.
Nah, it gives me a whole new IP address. I've done it long ago and verified success with whatismyip.
"Long ago", you could just unplug the modem from the Internet for 24 hours, connect it again and get a new IP assignment. But times have changed. If you have not verified this recently (like this morning) I would do it again.

Typically, the IP address the world (and the bad guy) sees is assigned by your ISP to your modem, not your router. If not, you could not troubleshoot your local network by isolating your Internet connection by by-passing your router and connecting a PC directly to the modem.

So I agree with Athlonite and give your ISP a call and explain the situation and ask for a different IP assignment. They will likely give you a hard time because available IPv4 addresses for the ISP are limited. so stand your ground. Be nice and polite, but firm.

Also, while the IP address is assigned to the MAC address of your modem, with many ISPs (like mine) they assign that IP to the account which is tied to the billing or street address. I discovered this when I bought a new DOCSIS 3.1 modem to replace my old 2.0 modem. The new modem got authorized and assigned my old IP address.

And I agree to change your wifi passphrase. You (or your fiancée) might have given it to some visitor at some time in the past. HOWEVER, for them to cause problems today, they would have to be physically located close to your network in order to connect - like next door.

And while unlikely, make sure nobody physically connected an unauthorized device on your Ethernet network. This, of course, would require someone had access to your home - a "trusted" :rolleyes: house guest. So you would need to inspect all your Ethernet cables and look for an unauthorized device - perhaps hiding in the attic, basement, or closet. And if you find an unauthorized device, it might be time to change your door locks, search for hidden cameras, and call the police too. :(
What should I do to look for security issues?
Check your router's admin menu. Most (if not all) router's. let you see the connected devices. Verify each one. Sadly, this may not be easy because not all devices nicely and uniquely identify themselves. For example, I have 2 devices connected to my wifi network, both labeled as "network device". I have to click on each one individually to see one is my Sony Android Phone and the other is my Samsung Blu-ray player.

You might also change you local network settings to limit the maximum number of connected devices that can connect to your network at one time. You can set a range of DHCP IP assignments your router can issue to your devices. So, if between you and your fiancée, you have 4 computers, plus a smart TV, smart phones, and smart door bell, you could limit the connections to 8 devices only. You can also enable MAC Filtering to only allow access to the devices with specific MAC addresses.

If you don't need Guest Network, disable it.
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,956 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
to limit the maximum number of connected devices that can connect to your network at one time
Interesting alternative to MAC address filtering, for which I'm always too lazy :)
 
Joined
Jul 25, 2006
Messages
12,014 (1.86/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
LOL

Well, it really is simple - and a one-time task. In both this Linksys router I'm using now, and in my old Netgear, it is just 1 setting in the admin menu that needs setting. I set mine to 15. I also told my printer to always ask for and use ("reserve") the same IP address, that is above those possible 15 DHCP assigned IP addresses. This is similar to but easier than setting a static address. Doing this prevents the networked printer from grabbing an IP previously assigned to one of my computers when power is restored after an extended power outage. I did the same with my NAS. I used to have to reconfigure Windows on each machine to use the new IP address for the printer and NAS. A real PITA. Now, I never have to.
 
Joined
Jan 31, 2010
Messages
5,363 (1.04/day)
Location
Gougeland (NZ)
System Name Cumquat 2021
Processor AMD RyZen R7 7800X3D
Motherboard Asus Strix X670E - E Gaming WIFI
Cooling Deep Cool LT720 + CM MasterGel Pro TP + Lian Li Uni Fan V2
Memory 32GB GSkill Trident Z5 Neo 6000
Video Card(s) Sapphire Nitro+ OC RX6800 16GB DDR6 2270Cclk / 2010Mclk
Storage 1x Adata SX8200PRO NVMe 1TB gen3 x4 1X Samsung 980 Pro NVMe Gen 4 x4 1TB, 12TB of HDD Storage
Display(s) AOC 24G2 IPS 144Hz FreeSync Premium 1920x1080p
Case Lian Li O11D XL ROG edition
Audio Device(s) RX6800 via HDMI + Pioneer VSX-531 amp Technics 100W 5.1 Speaker set
Power Supply EVGA 1000W G5 Gold
Mouse Logitech G502 Proteus Core Wired
Keyboard Logitech G915 Wireless
Software Windows 11 X64 PRO (build 23H2)
Benchmark Scores it sucks even more less now ;)
I do exactly the same thing Bill but I do it for the printer the TV and the two permanently connected PC's everything else gets a random IP out of what's left of the 15 IP's allowed
 
Joined
May 13, 2010
Messages
5,632 (1.11/day)
System Name RemixedBeast-NX
Processor Intel Xeon E5-2690 @ 2.9Ghz (8C/16T)
Motherboard Dell Inc. 08HPGT (CPU 1)
Cooling Dell Standard
Memory 24GB ECC
Video Card(s) Gigabyte Nvidia RTX2060 6GB
Storage 2TB Samsung 860 EVO SSD//2TB WD Black HDD
Display(s) Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900
Case Dell Precision T3600 Chassis
Audio Device(s) Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DAC
Power Supply 630w Dell T3600 PSU
Mouse Logitech G700s/G502
Keyboard Logitech K740
Software Linux Mint 20
Benchmark Scores Network: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and Lite Router/Sw:Meraki MX64 MS220-8P
could be a case of IP address spoofing where they haven't actually penetrated your network but are using your IP address in the form of spoofed packet headers
This as well as the following:
People often get apps like Hola or any of those "anonymizer" apps that basically make your system an exit node for anyone to do nefarious actions. They can still do that even if your WAN IP changes

Please see if you got any of those and if you do promptly uninstall them or even better, reformat if you do in fact do.
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,472 (4.25/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
Run a virus scan on all your computers to make sure you aren't infected with something.
 
Joined
Aug 20, 2007
Messages
20,710 (3.41/day)
System Name Pioneer
Processor Ryzen R9 7950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage 2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches
Software Windows 11 Enterprise (legit), Gentoo Linux x64

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,472 (4.25/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
Define "normally."

It's indeed MAC based DHCP-IP issuance at the USA's biggest ISP, comcast.

Yeah, I was just going to say that changing the MAC of the router's WAN port does change the public IP on Comcast.
 
Joined
Jul 25, 2006
Messages
12,014 (1.86/day)
Location
Nebraska, USA
System Name Brightworks Systems BWS-6 E-IV
Processor Intel Core i5-6600 @ 3.9GHz
Motherboard Gigabyte GA-Z170-HD3 Rev 1.0
Cooling Quality case, 2 x Fractal Design 140mm fans, stock CPU HSF
Memory 32GB (4 x 8GB) DDR4 3000 Corsair Vengeance
Video Card(s) EVGA GEForce GTX 1050Ti 4Gb GDDR5
Storage Samsung 850 Pro 256GB SSD, Samsung 860 Evo 500GB SSD
Display(s) Samsung S24E650BW LED x 2
Case Fractal Design Define R4
Power Supply EVGA Supernova 550W G2 Gold
Mouse Logitech M190
Keyboard Microsoft Wireless Comfort 5050
Software W10 Pro 64-bit
But it is simple to spoof (clone) MAC addresses and in fact, it is commonly done for legitimate reasons too. Every router I have owned has had MAC cloning in the admin menu, I can tell the router to use my PC's MAC address. In this way, every device on my network is seen by the ISP as my PC.

I've not worked with Comcast but have with TW, RR, and Cox. And while they use the modem's MAC address to configure the authorize the connection, it is still tied the owner's account #. If you get a new modem, yes you get a new MAC. But RR, TW and Cox typically assign the same IP to it.

IPSs don't have an infinite number of IP addresses to give out. In fact, the ranges of IP addresses are limited.
 
Top