Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Resolved Question

Finding unauthorized devices on my network

by May 1, 2014 12:53AM PDT

Hi,

I am looking for a way to find unauthorized devices on my network. Let's say an employee brings in their personal laptop and connects to my network via CAT5, and they use a static IP Address, and have their Windows firewall turned on.

With a static IP, this laptop will not show up in DHCP
With the firewall turned on, this laptop will not return a ping

This is my dilemma. How can I know if someone is doing this?

Thoughts?

Thanks.

Discussion is locked

tropicalbound has chosen the best answer to their question. View answer
6 Posts
- Collapse + Expand Details

Best Answer

- Collapse -
It's unlikely if you let me do this.
by Forum moderator May 1, 2014 1:11AM PDT

For example the most common method is to list the connected devices by MAC address. Since I can change that to an authorized MAC address you would be none the wiser.

It appears you are starting your research and only listed the IP/DHCP angle but not the MAC address. There are tomes about that so I won't duplicate that here. HOWEVER you should look at your router/etc. and see if you can limit connections by MAC addresses. If you want to hamper them from carrying in any old thing, only allow those MAC addresses.
Bob

- Collapse -
Finding unauthorized devices on my network
by tropicalbound May 6, 2014 7:52AM PDT

Filtering MAC addresses at the router won't prevent access to my network. It would only prevent them from traversing the router, like out to the Internet for example. I'm looking for a way to know if an employees has brought in a personal laptop and connected it to my network (assume the firewall is turned on and they have given themselves a static IP). There has to be a way.....

- Collapse -
Your reply tells me
by r. proffitt Forum moderator May 6, 2014 7:56AM PDT

Either you understood that dealing with someone like me that wrote router code and knows how to change my MAC address to avoid detection or maybe you didn't. I can't tell at this point.

Why not look at your DHCP logs now and identify each device along with its MAC address?

Also, self assigned IP addresses still show up in the ARP lists. So between both the remaining issue is someone like me. Which there are few of.
Bob

- Collapse -
Finding unauthorized devices on my network
by tropicalbound May 6, 2014 10:14PM PDT

I understand a MAC address can be changed quite easily. I do it myself for various reasons. As far as the ARP table is concerned, my routers are managed by my data provider, so I do not have access to them. I think I'm about out of options, so I may have to focus my attention to my network switches. I may be able to manipulate those ARP tables.

- Collapse -
Sorry but why manipulate the table?
by r. proffitt Forum moderator May 7, 2014 2:03AM PDT

For detection, all I need is the report.
Bob

- Collapse -
"My routers are managed by my data provider"
by Pepe7 May 7, 2014 2:13AM PDT

I think we have a winner Wink

Back to Networking & Wireless forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info