Strange connections on my network
Gabin45
Posted messages
7
Status
Member
-
brupala Posted messages 111154 Registration date Status Member Last intervention -
brupala Posted messages 111154 Registration date Status Member Last intervention -
Hello,
For some time now, I've been noticing strange connections on my network (which I can observe via Kaspersky Security Cloud) taking the same name as two of my devices (sometimes, it depends) but with a different MAC address and another IP address; 192.168.x.x. And when consulting the vendor of these "devices", it is not the same, but a "MSFT 5.0" vendor instead of the motherboard.
On my desktop PC, this connection persists a few times a day, since Friday, when I updated my VPN (Proton VPN) and switched to a local 5 network instead of 2 (according to my previous observations), furthermore, I am unable to connect to my other VPNs (different from Proton). The strange connection, which has the same name as my computer, indicates, as explained above, a different MAC address (which remains the same for this device), another vendor, and another IP address starting with 192.168.x.x (nothing strange about the IP, it remains consistent).
I have a lot of suspicions, particularly regarding hacking, "MAC spoofing", etc. Even though I talked to some knowledgeable people in the field on a tech support Discord, and they could not establish any link between any hacking and this connection.
I'd also like to add that the connection lasts only a few seconds (not even) and it apparently seems linked to my PC (the vendor that had the name of my motherboard suddenly turns into "MSFT 5.0" before changing 1 second later).
To conclude these long paragraphs where I have laid out my problem without knowing the exact source, it is necessary to recall that, on my little PC more than a month ago, I had this same type of connection (but this time with another vendor "Ho Hai - I can't remember what - " when I was using it, and I think it is more related to an integrity issue on this same PC, the "remote registry" activates at every startup (but I remain quite skeptical about any link between these two issues... Needless to say, I have done everything in terms of verification methods: scans, rootkit searches, verification of operating system integrity violations, etc. While knowing that I am generally very cautious on the net, it has even become paranoia.
Hoping to gather as many relevant responses as possible from specialists, best regards.
Configuration: Windows / Edge 86.0.622.43
For some time now, I've been noticing strange connections on my network (which I can observe via Kaspersky Security Cloud) taking the same name as two of my devices (sometimes, it depends) but with a different MAC address and another IP address; 192.168.x.x. And when consulting the vendor of these "devices", it is not the same, but a "MSFT 5.0" vendor instead of the motherboard.
On my desktop PC, this connection persists a few times a day, since Friday, when I updated my VPN (Proton VPN) and switched to a local 5 network instead of 2 (according to my previous observations), furthermore, I am unable to connect to my other VPNs (different from Proton). The strange connection, which has the same name as my computer, indicates, as explained above, a different MAC address (which remains the same for this device), another vendor, and another IP address starting with 192.168.x.x (nothing strange about the IP, it remains consistent).
I have a lot of suspicions, particularly regarding hacking, "MAC spoofing", etc. Even though I talked to some knowledgeable people in the field on a tech support Discord, and they could not establish any link between any hacking and this connection.
I'd also like to add that the connection lasts only a few seconds (not even) and it apparently seems linked to my PC (the vendor that had the name of my motherboard suddenly turns into "MSFT 5.0" before changing 1 second later).
To conclude these long paragraphs where I have laid out my problem without knowing the exact source, it is necessary to recall that, on my little PC more than a month ago, I had this same type of connection (but this time with another vendor "Ho Hai - I can't remember what - " when I was using it, and I think it is more related to an integrity issue on this same PC, the "remote registry" activates at every startup (but I remain quite skeptical about any link between these two issues... Needless to say, I have done everything in terms of verification methods: scans, rootkit searches, verification of operating system integrity violations, etc. While knowing that I am generally very cautious on the net, it has even become paranoia.
Hoping to gather as many relevant responses as possible from specialists, best regards.
Configuration: Windows / Edge 86.0.622.43
8 answers
-
Hello,
This isn't about strange connections... but simply the Windows DHCP service reissuing a DHCP request to the router.
MSFT 5.0 is the vendor ID (manufacturer) that the DHCP client integrated in Windows versions after 2000 uses. Every X amount of time, the PC sends a DHCP request to the router to check its IP, route, and gateway assignment. It may be linked to the enabled VPN that disrupts the configuration or the DHCP lease.
--
~ To listen is to possess, besides one's own, the minds of others... said Leonardo da Vinci.
~ “The art of writing is primarily to make oneself understood” — Eugène Delacroix.-
-
In fact, I see that it's the DHCP option 60 that defines the Vendor class, not a vendor name which corresponds more to the OUI ...
-
-
Hello
this is District 17!
the address thieves have taken control of your pc, your life, the earth
https://www.192-168-1-1-box.com/
Take the time to comment!
A thank you is appreciated.
Mark it as resolved if your issue has been solved. I address everyone informally. -
-
I just added a very strange observation; two devices connected to my network for just 1 or 2 seconds with the same name as my desktop PC and my laptop, having different IP and MAC addresses while sharing the same vendor "MSFT 5.0". I really need help...
Moreover, every time I restart my small PC, my Kaspersky indicates that the remote registry is enabled. -
Well, I just accessed the router interface, I don't understand, in "devices" the MSFT 5.0 are home devices usually connected after checking the MAC address, the IP address, and their names.
I think there’s an issue with the VPN, but that’s not the end goal.
Should I add the strange connections to the blacklist of banned connections on my router interface or should I proceed differently?
Anyway, I'll wait until tomorrow for more answers. But I really need help. -
what you are describing is simply the functioning of the local network of the box+PC+devices
https://opensharing.fr/isc-dhcp-serveur-dhcp-primaire
lol....
--
Take the time to comment!
A thank you is nice.
Mark as resolved if your issue has been solved. I use the informal 'you' with everyone. -
Thank you for your answers, I will keep the file nonetheless.
-
Hi,
first of all,
it would be nice if Kaspersky, like other antivirus programs, would just focus on monitoring viruses instead of meddling so stupidly in what happens on a network, especially a local one.
Then,
what's the point of what you call a VPN (actually a half-VPN, just a remote NAT in practice)?
If it's to hide your data from someone, that's a fail; you're sending it straight to that VPN provider whose actions you don't know about.
In any case, MSFT means Microsoft, a well-known operating system provider (among other things) for decades and not particularly known for being a hacker, except a bit of a bank account raider with its fees.