I did that. Nothing stopped working including a ping response from the mystery service. As far as I can tell, blocking the MAC address had no effect.
I’m not familiar with the router.
It may be the IP assigned to the VOIP device. Do you have a phone plugged into it?
Now that is an excellent suggestion. Yes, there is a VOIP phone plugged into the router. I haven’t noticed a specific local IP address assigned to phones in the past, but I wasn’t looking for it.
Thanks
If you can ping it, it’s still connected, yes. I don’t know the ins and outs of your router, but it’s possible that after blocking the device, you may have to reboot the router. IOW, blocking a device might just prevent it connecting but not actively kick it off the network.
I seem to recall that a past router I had maintained different MAC addresses for ethernet and wifi. Am I mis-remembering or is that a possibility?
Do you have wireless cable boxes? Is it possibly the device that broadcasts the signal to the wireless boxes?
Try running nmap on it with a couple of options like “-sS -A -T4”. That should produce enough information to narrow down which device it is.
Even if you have to chain another router after the AT&T one, it still provides another layer of security.
A router’s main security function is just to discard wayward botnet traffic anyway, so even if your AT&T is so horribly compromised that it lets random stuff into your LAN, your second router should just discard it since there’s not a port mapping for it to go to.
From what I remember of my shitty Uverse router, it didn’t let me adopt an actual bridge mode, but you can turn off some of the features and just pass most traffic through to a secondary router and let that do all the work.
If you connect all your devices to the second router instead of the AT&T one, it doesn’t really matter what the other unidentified IP is. To your second router, it just looks like any other traffic outside your LAN, meaning it’ll be ignored unless there’s an active request from within your network to it, or a port forward that you manually set up.
Keep your VOIP connected directly to the first router and it should still continue to work, while your other devices are shielded by the second router that you 100% control.
You probably shouldn’t trust ISP-issued routers anyway. They’re rarely updated and often deliberately backdoored, on top of frequent wifi and performance issues.
Thanks.
there are certainly backdoors in the UVerse routers (see my earlier post). Updates however aren’t a problem any more. The router updates itself whenever it wants to-which apparently is quite frequently. What changes are made are of course completely obscure.
Are the AT&T modem and router two separate units or one? Is there really no way to replace one or both with a decent-brand, non-shitty router?
Did the mystery device turn out to be just a VOIP phone, or something more nefarious?
AT&T gives you a combination modem, router, and wifi access point. You are free to plug your own router or wifi/router into your AT&T modem. However, if you have TV service or VoIP phone, those must be plugged directly into the modem.
Their security checks won’t let you use their internet unless you are going through the modem they supplied you.
Try running ping then arp-a from both wired and wifi to get the associated mac of your router.
IPCONFIG /ALL will tell you the gateway IP address - maybe different for wifi?
treaceroute 8.8.8.8 will show you the hops (sifi vs. wired) to get to the internet. Does it go via the 1.68 address?
Thanks. I will try that.
I still don’t know whether the mystery local IP is for the VOIP or not.
As stated by others, the modem and router are the same physical box. I have not put my own router in yet. But I am considering it.
Thank you again for all the input.