Can anyone give me any info on this? It is showing as active on my network. No machines I have match its MAC address, which is 00:18:8B:8A:3E:1B. The name is Mindless-PC. Thanks for your time.

asked 25 Jul '13, 10:19 ham hamlin
edited 25 Jul '13, 12:39 Kurt Knochner ♦
One Answer:
well.. no, as nobody here has access to your network ;-)
This seems to be a fake address, as there is no vendor code 10:18:8b.
I guess one of your users is playing ARP spoofing games, for whatever reason (Sniffing, Man in the middle, etc.). If you have managed switches, you can figure the port where that system is connected to the switch (how to do this depends on the vendor - please read the manual - look for 'mac address' list or similar). Then 'follow the cable' to the system. If you operate a WLAN, please check that as well (weak passwords or other vulnerabilities).

UPDATE

The title (Dell ESG PCBA Test) (finally) made me curious :-) Now, I believe there is a typo in the MAC address. Instead of 10:18:8B it should read: 00:18:8B, which is indeed a MAC prefix used by DELL. Unfortunately there is not much useful information out there about those MAC addresses and why/where they are used. Strange thing. Anyway, please try to find the switch port and then follow the cable. Maybe it belongs to a Dell DRAC board or something.

UPDATE 2

That MAC prefix is mentioned in the following document, in the context of a Blade Server Chassis.
Also here: As the MAC address of the BMC interface.
Conclusion: That MAC address seems to be related to DRAC/BMC.

Regards

answered 25 Jul '13, 10:48 Kurt Knochner ♦
edited 25 Jul '13, 11:53
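The two checks the answer describes (looking up the vendor prefix, then finding the switch port that learned the address), as an added example that is not part of the original posts. The OUI excerpt holds only the prefix named in the answer, and the switch table and its column layout are constructed for illustration; real output differs per vendor.

```python
import re

# Constructed excerpt of an OUI registry: only the prefix named in the answer.
OUI_EXCERPT = {"00188B": "Dell"}

# Constructed switch MAC address table; the column layout is an assumption,
# real output differs per vendor.
SAMPLE_TABLE = """\
Vlan  Mac Address      Type     Port
1     02aa.bbcc.0001   DYNAMIC  Gi0/2
1     0018.8b8a.3e1b   DYNAMIC  Gi0/7
1     02aa.bbcc.0002   DYNAMIC  Gi0/3
"""

def normalize(mac):
    """Return 12 uppercase hex digits from colon, dash or dotted notation."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).upper()
    if not re.fullmatch(r"[0-9A-F]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def classify(mac):
    """Split a MAC into its OUI and the two flag bits of the first octet."""
    digits = normalize(mac)
    first_octet = int(digits[:2], 16)
    return {
        "oui": digits[:6],
        "vendor": OUI_EXCERPT.get(digits[:6]),  # None: not in this excerpt
        # Bit 0x02 set: locally administered (assigned in software, not by a vendor).
        "locally_administered": bool(first_octet & 0x02),
        # Bit 0x01 set: group (multicast) address, never a valid source address.
        "multicast": bool(first_octet & 0x01),
    }

def find_port(table_text, mac):
    """Return the port on which the switch learned this MAC, or None."""
    target = normalize(mac)
    for line in table_text.splitlines():
        fields = line.split()
        try:
            if len(fields) >= 4 and normalize(fields[1]) == target:
                return fields[-1]
        except ValueError:
            continue  # header line or a row without a MAC in column 2
    return None

if __name__ == "__main__":
    for mac in ("10:18:8B:8A:3E:1B", "00:18:8B:8A:3E:1B"):
        print(mac, classify(mac), find_port(SAMPLE_TABLE, mac))
```

A prefix that is missing from a full OUI registry while the locally-administered bit is clear, as with 10:18:8B here, is worth re-reading for a transcription error before treating it as spoofed.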
I JUST FIGURED OUT I SHOULD HAVE MADE COMMENT NOT ANSWER. SORRY
Yes you are correct about the mac (sorry). I thought you may have solved a problem/mystery I had about 1 1/2 years ago with your first reply. I will give you a summary if this turns out to be my culprit. I am about 99% sure they used a network here to get access to my personal laptop.
I have checked all machines running that would have a mac addrs to no avail. You went a little over my head when you mentioned managing switches. I assume you are talking about physically following a cable from one place to another.
I had no luck doing searches either. What I did find I did not really understand.
The network I am on only has two laptops, one wireless printer (rarely used), one desktop, two business type desktops that are not online and used for receipts and other business forms, and a security system. Thanks again for your time and input.
Are you able to manage your switches through a Web-Interface or via telnet/ssh? If so, you should be able to view all MAC addresses known to the switch and the associated port.
If your switch has no management capabilities (Web-GUI, etc. - like a cheap small office switch), you cannot check the MAC address / port relation.
Only after you know on which port that MAC address shows up.
O.K. with that list of systems, we can rule out any Dell DRAC/BMC solution, right? Do you own any Dell systems?
BTW: Where did you see that Dell MAC address?
Are you sure the wireless access to/of that printer is really secured?
Sorry for answering again but I can't comment due to site saying it thinks I am spamming or something. It will let me answer after passing "Captcha". I tried to find a way to contact admin. with no luck. Maybe someone could point me in the right direction.
(BTW: Where did you see that Dell MAC address?)
I used a free program called "Advanced IP Scanner" to find mac addresses on network. If it is possible I could post a screen shot.
(Are you sure the wireless access to/of that printer is really secured?)
I actually was suspicious of it when I was first compromised/hacked.
(Do you own any Dell systems?)
Both of my laptops are Dell. They have both been on the network we are discussing. The only other Dell on that network is the business machine described earlier.
I at least figured out how to convert to comment.
If the site does not allow you to post pictures, post them elsewhere (free hosting services, google drive, dropbox, etc.)
What exactly is that 'business machine' and do you still see the MAC address if you disconnect that machine from the network?
I will check when we close. That will be 2 hours from time stamp of this post. It may be a couple of hours from then when I get back to you with the answer. Thanks, Buck
Here is the screen shot. I will post more info in a little while.
http://i1354.photobucket.com/albums/q686/hambone5767/111pppp_zps5bf2bd95.jpg
According to the screenshot, the system in question has the IP 192.168.1.65. Is that an IP address of any of the mentioned systems?
Then again: What exactly is that Dell 'business machine' and do you still see the MAC address if you disconnect that machine from the network and re-run the scanner?
Yes, that is the right IP
No. That was the first thing I did.
I just tried the scan with machines in question shut down. It still shows as alive. Do you still need to know how they are used?
This may not be of any importance but, I am running the scans from my laptop and using wireless to get on line. I have checked all machines that have wireless connections including routers and printers. None match.
I ran a scan from another laptop (Toshiba) that never leaves the building. It showed the same exact thing.
I also checked all Bluetooth device addrs.