Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 12 replies
  • Subscribers 7 subscribers
  • Views 2709 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unknown Host Remediation

busthead

Hello,

My UTMs Management->Licensing->Active IP Addresses page lists two unknown hosts:

192.168.0.102

192.168.0.105

Interestingly, these hosts are in my (tight) DHCP range but are NOT receiving their IP address from my DHCP server.

runZero asset discovery does not find either of these hosts.

Are the MAC addresses of the Active IP Addresses captured somewhere?

Any ideas on how to track down these hosts?

Thanks!



This thread was automatically locked due to age.
  • 0 in reply to busthead

    Interestingly, after changing my DHCP IP address lease range, blocking the old range at the Firewall and Web Filter, the hosts aren't listed in Management->Licensing->Active IP Addresses any longer.

    So the question remains, is there something malicious on my network, something misconfigured, or another explanation?

    I'm confident that if I disable the Firewall and Web Filter rules, the devices will reappear in the UTM's list - but remain undiscoverable on the network.

  • 0 in reply to busthead

    At these times, when even italian coffee machines have WiFi, you could only test one device after the other if something reappears in your list.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Unfiltered HTML