What's new

Network client list Unknown Client

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

zombiewarpig

New Around Here
Hey,

So I noticed check point software tech with an ip and connected as Ethernet showed up on my router. When I rebooted this client disappeared. I log into my router weekly and have never seen this before. I have an Asus RT-AX88U with Firewall enabled.

I know its some kind of firewall company but not Trendmicro so I am a little concerned.

Any Clues?
 
Last edited:
Hey,

So I noticed check point software tech with an ip and connected as Ethernet showed up on my router. When I rebooted this client disappeared. I log into my router weekly and have never seen this before. I have an Asus RT-AX88U with Firewall enabled.

I know its an some kind of firewall company but not Trendmicro so I am a little concerned.

Any Clues?

Where did you notice this? What firmware are you running? Is your network (Ethernet) open to unknown users?

Depending on the answers other members offer here, at the very least I would be changing all the passwords to everything connected on your network. Starting with your router being offline (physically disconnected from the internet) as you do so and the wireless radios turned off. :(
 
Where did you notice this? What firmware are you running? Is your network (Ethernet) open to unknown users?

Depending on the answers other members offer here, at the very least I would be changing all the passwords to everything connected on your network. Starting with your router being offline (physically disconnected from the internet) as you do so and the wireless radios turned off. :(
I noticed it in the client list and running the lastest firmware 3.0.0.4.384_5951-g3f2c0c6. I have named everything on my network so this stuck out as I dont have anything plugged in to Ethernet that's not named.

check.jpg
 
You're not making this too easy. What router are we talking about here?

What is the IP of that client?

Is it back again? Or is that an old screenshot?
 
You're not making this too easy. What router are we talking about here?

What is the IP of that client?

Is it back again? Or is that an old screenshot?
I appreciate any help but to be fair I already listed my router, firmware, and dates that the software has been on my network. The ip was 192.168.1.13 via ethernet and it has not come back as of yet.
 
I appreciate any help but to be fair I already listed my router, firmware, and dates that the software has been on my network. The ip was 192.168.1.13 via ethernet and it has not come back as of yet.

Yes, the router is listed, but I don't see the 'dates' that it's been on your network though.

Next time you see it. Shut down each client device one by one, waiting and checking to see if the check point software tech IP also disappears. This may possibly be installed on one of your own devices.
 
Yes, the router is listed, but I don't see the 'dates' that it's been on your network though.

Next time you see it. Shut down each client device one by one, waiting and checking to see if the check point software tech IP also disappears. This may possibly be installed on one of your own devices.
The dates are at the bottom of the graph. It seems like its not using much bandwidth so I dont suspect it's someone connected to my network per say but I only have ring security, desktop, Server, and Tv on ethernet. Everything else is on wireless.
 
The dates are at the bottom of the graph. It seems like its not using much bandwidth so I dont suspect it's someone connected to my network per say but I only have ring security, desktop, Server, and Tv on ethernet. Everything else is on wireless.

Someone or something is connected. The relatively small bandwidth is no indication of the possible harm/intrusion this may be.

Do you use google anything? This seems to be connected somehow.

https://www.checkpoint.com/
 
Someone or something is connected. The relatively small bandwidth is no indication of the possible harm/intrusion this may be.

Do you use google anything? This seems to be connected somehow.

https://www.checkpoint.com/
Yeah as I stated above that it's a firewall company but not trend micro which is what asus firewall uses. I agree something is connected but I just meant I dont think it's a person directly leaching my internet. It's just weird that it is a legit security company showing up as connected to my ethernet that has me lost.
 
Yeah as I stated above that it's a firewall company but not trend micro which is what asus firewall uses. I agree something is connected but I just meant I dont think it's a person directly leaching my internet. It's just weird that it is a legit security company showing up as connected to my ethernet that has me lost.

You really don't answer questions very well. :)

I hope you solve this quickly. ;)
 
The dates are at the bottom of the graph. It seems like its not using much bandwidth so I dont suspect it's someone connected to my network per say but I only have ring security, desktop, Server, and Tv on ethernet. Everything else is on wireless.

Tell us more about this
 
It's a plex server.

Can you change the "month"dropdown to expand it out further and see if it connected prior to March. Looks like it was hardly connected at all until April 15th and was using quite a bit of data compared to what it started out using. Anything significant about that date as to the others that you know of
 
Can you change the "month"dropdown to expand it out further and see if it connected prior to March. Looks like it was hardly connected at all until April 15th and was using quite a bit of data compared to what it started out using. Anything significant about that date as to the others that you know of
So My server is custom build with a supermicro server board and 3 lan ports. I copied the mac address and googled it with a mac finder and supermicro came up. I disconnected the ethernet from the server and both ip's went offline. I then plugged in to the second ethernet and now the old server ip and the checkpoint ip shows offline with a new ip setup. I can't look back any further on that graph. I still don't understand unless that port has some built in checkpoint security.
 
The name "Check Point Software Technologies" will be derived from the device's MAC address. Looking for an exact match on that in the OUI database gives us 3 possible MAC addresses:

00:A0:8E
00:1C:7F
00:12:C1

So look for devices with MAC addresses that start with these numbers.
 
Last edited:
The name "Check Point Software Technologies" will be derived from the device's MAC address. Looking for an exact match on that in the OUI database gives us 3 possible MAC addresses:

00:A0:8E
00:1C:7F
00:12:C1

So look for devices with MAC addresses that start with these numbers.
It's coming up with mac 00:25:90:F7:5B
 
You seem to be missing the last octet. But regardless, 00:25:90 is registered to Super Micro Computer, Inc. so I'm not sure how it came up with Checkpoint. A bug perhaps.

"But that’s just what U.S. investigators found: The chips had been inserted during the manufacturing process, two officials say, by operatives from a unit of the People’s Liberation Army. In Supermicro, China’s spies appear to have found a perfect conduit for what U.S. officials now describe as the most significant supply chain attack known to have been carried out against American companies."

https://www.bloomberg.com/news/feat...ny-chip-to-infiltrate-america-s-top-companies

:)

OE
 
But why a separate IP that is not even in between the signed ips. server up was 192.168.50.86 and checkpoint was 192.168.1.113. How do I have two clients and two ips on one port?
 
Last edited:
But why a separate IP that is not even in between the signed ips. server up was 192.168.50.86 and checkpoint was 192.168.1.113. How do I have two clients and two ips on one port?

Hardwired.

The real question is how soon are you taking this off your network? Seems very suspicious as of right now.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top