Unknown pc on network.

[Drinpaw]

Hello, I have been having this problem the last couple of week or maybe a month or 2. An unknown pc with a title of pc_(same numbers every time) logs onto my network through ethernet using a static IP.

This unknown device has the same mac address as my computer. The device seems to log in and I lose internet connection. I will still be able to go to xfinity network page but I cant access any other applications that use internet. I am only able to see the device offline when I go check the network page after I lose connection.

The first time I remember this happening I blocked the device using the mac address (not realizing it was the same as mine) and blocked my own computer. Every time it happens I usually have to hard reset my router back to factory settings and the unknown device will dissapear.

Anyone have any ideas that would be very helpfull thanks. I don't have any malware or spyware that I'm aware of considering I have norton, spybot search and destroy, and microsoft security essentials.

 

[SirSub42]

What is your home network setup? Do you have any areas where a 3rd party may be able to connect to your network?

How often is this happening?

Given the fact the unknown PC has your MAC address, my first guess would be someone is attempting to infiltrate your network by spoofing your MAC address.

But if you say everything returns to normal after you reset your router, this may just be a defective router somehow double adding your device entry into the MAC address table.

I would start with changing any passwords available for your network (If none exist, perhaps establish one). You could also try changing your MAC address next time this happens and see if both hosts remain online. Depending on the model router you have, you may have an option to remove a host from your network. Here is a program for Windows XP that allows you to change your MAC address, I just took a shot in the dark about what OS you are running, but I am sure other options exist with a quick google search.

The only fact I am unsure about regarding this is the nature of networks when it comes to traffic switching. I know if there exists two hosts with the same IP address, one will automatically disconnect. But I am not sure how networks work with two identical MAC addresses. If you can still access the "Xfinity Network Page", this may indicate my idea about the faulty router take the cake.

Anywho, best of luck to ya and look forward to a reply. -Sub

 

[i7_Power]

Do you have wireless setup and is it password protected?

Having duplicate MACs on the same network is never a good thing and causes what is called MAC flapping.

 

[supasieu]

Do you have any virtual machine setup?
Is this a home network? are you using a router/switch? if yes, can you try another router/switch and see what happen?

 

[Drinpaw]

Hello, thanks for the responses.

I am running windows 7 and it is a home network. I have connected my ps3, ps4, iphone, galaxy phone, nexus tablet to this network but all of these can be connected and accounted for. Or don't show up because I don't use them anymore. I am just using the standard router comcast sent me a couple years ago, which is no doubt outdated and I do not have the ability to switch it out because I don't own another. I would imagine it would be a good idea to try and obtain a replacement from comcast which could prolly be done.

I personally have never set up a virtual machine, I just learned what they were from trying to find solutions to this problem. Is it possible for someone to do this through a malicious download? or would they have to physically be at my computer?

I do have a wireless setup and it shows a 16~ digit random password when I look it up on the gateway. I turned the broadcasting for wifi off. I did have it running and had my phone hooked up via wifi but my wifi light was blinking like I was constantly downloading when I wasn't so I turned it off.

I did manage to change my mac address. I used a random mac generator online but it feels like that could easily be remembered by the site. When I created a new mac address it created a new computer on my gateway page and the old mac (for my computer) address was shown offline. The "copy" pc_054 was gone and there was no duplicate of the new one. Today I started getting some network lag so I logged back into the gateway to see a new "unknown" static ip with status offline that shows ethernet as the connection. This duplicate has 3 ipv6 addresses as well, the first is identical up to the last 8 digits and the last 2 are exactly identical. Also has the exact same MAC address but NO ipv4 address.

Thanks again for the responses...Hopefully I am providing the correct information to find a solution if possible. It makes me uneasy to think someone could possibly be obtaining my information. I have changed my gateway pw a couple times and have not had any security issues when it comes to stolen pw's, etc. At least I'm learning something....

 

[Drinpaw]

One thing I failed to mention was the logs on the gateway. The system logs today showed this "Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out". I have never seen this before and the system log is always empty. The mac address provided for this log is the exact same, except the last digit, as my router shown in network infastructure on my network.

The firewall log has always had logs which I just ignored. The recent logs show a message of "[Firewall: WAN_Port_Filter]IN=wan1 OUT= DST-MAC" followed by a mac address that is also the exact same, except the last digit as my router.

Asus rampage 3 formula x58 motherboard. Antec 1200 truepower quattro power supply. The router is a SMC networks with model # SMCD3GNV.

Thanks again I appreciate it, already understand this problem a lot better from the posts and info provided.

 

[Drinpaw]

I logged back onto my gateway today and it shows a new offline device named "pc_1717" that replaced the unknown offline device. I called comcast and a network guy also asked if I was running a virtual computer which I am not. Is there any way to see if one is setup without my knowledge? The router is being replaced so hopefully that fixes it. So far I havnt been able to fix the problem, even when changing the mac address and looking into some of the information asked here.

 

[COLGeek]

A couple of things to consider immediately. First, I would recommend you change the router's admin password and your wireless network password immediately (if you haven't already done so. Also, I would quit trying to change the MAC address of your PC. Use the MAC address assigned to the PC's network adapter. Instead, I would recommend changing your IP address range in the router (for example from 192.168.1.x to 192.168.10.x). This will throw off the potential lurker as well as the password change.

 

[reachtoalam]

Hi friend,

First of all I want to tell you that Mac address is a unique address that can never be same, I think you know that as I read your question, I think the solution for your problem is to update your firmware, I had almost the same problem in my linksys router, I called their customer support and discussed my problem few hours, I followed as they said to me but ultimately after firmware updation, everything came back to normal.

Try this after reading your manual carefully.

 

[Old guy in Oz]

I have this issue too and have been researching it since it appeared in the last couple of days. First noticed this additional computer named "LAURA" in my network when using my set top box to surf to a movie on my NAS. But checking on my desktop, an extra computer named "LAURA" is showing in the network map all of a sudden. The change to my system immediately before the issue arose was introducing a new cable modem/router/wifi, supplied for a new VDSL2/VOIP account.

From searching the net and reading many reports of similar issues going back to 2009 at least, no one ever gets to a proper solution (on forums at least). Lots of suggestions about passwords, excluding MAC addresses, homegroup printer and file sharing settings, even wiping the whole hard drive and staring again(!) I tried various modem settings/new passwords, etc., but makes no difference. Most issue reporters don't seem to be seeing actual data usage by the unknown computer (and I don't think I am either).

For what it's worth, my working assumption now (based on all the issues folks seem to have tried and not succeeded in fixing) is it's maybe someone in the vicinity with the same brand/model of wifi-enabled router with the same MAC address showing up as a 'connection' but in name only. i.e. it looks like they are connected to the network but, assuming you have appropriate WPA2/passwords/etc. in place (which I do) they aren't actually getting access to my modem/NAS/LAN/net connection.

Hopefully the other person is also worrying about my/your pc showing unexpectedly in their network!

So my take on it for the moment is that they are not stealing my ISP bandwidth, but that it's just another annoying twist in the wacky world of PCs.

Alternatively, the other faint possibility (suggested on another forum some years ago) seems to be that a technician (in my case, "LAURA") either at Huawei or the folks who set up my ISP default settings, may have somehow logged in to the router check the HG658 router was working before it was shipped and that connection is still showing up as some kind of 'ghost' connection!

So - not a solution but perhaps greater peace of mind!