Strange connections on my network
Gabin45
Hello,
For some time now, I've been noticing strange connections on my network (which I can observe via Kaspersky Security Cloud) taking the same name as two of my devices (sometimes, it depends) but with a different MAC address and another IP address; 192.168.x.x. And when consulting the vendor of these "devices", it is not the same, but a "MSFT 5.0" vendor instead of the motherboard.
On my desktop PC, this connection persists a few times a day, since Friday, when I updated my VPN (Proton VPN) and switched to a local 5 network instead of 2 (according to my previous observations), furthermore, I am unable to connect to my other VPNs (different from Proton). The strange connection, which has the same name as my computer, indicates, as explained above, a different MAC address (which remains the same for this device), another vendor, and another IP address starting with 192.168.x.x (nothing strange about the IP, it remains consistent).
I have a lot of suspicions, particularly regarding hacking, "MAC spoofing", etc. Even though I talked to some knowledgeable people in the field on a tech support Discord, and they could not establish any link between any hacking and this connection.
I'd also like to add that the connection lasts only a few seconds (not even) and it apparently seems linked to my PC (the vendor that had the name of my motherboard suddenly turns into "MSFT 5.0" before changing 1 second later).
To conclude these long paragraphs where I have laid out my problem without knowing the exact source, it is necessary to recall that, on my little PC more than a month ago, I had this same type of connection (but this time with another vendor, "Ho Hai - I can't remember what -") when I was using it, and I think it is more related to an integrity issue on this same PC: the "remote registry" activates at every startup (but I remain quite skeptical about any link between these two issues)... Needless to say, I have done everything in terms of verification methods: scans, rootkit searches, verification of operating system integrity violations, etc. While knowing that I am generally very cautious on the net, it has even become paranoia.
Hoping to gather as many relevant responses as possible from specialists, best regards.
Configuration: Windows / Edge 86.0.622.43
8 replies
Hello,
This isn't about strange connections... but simply the Windows DHCP service reissuing a DHCP request to the router.
MSFT 5.0 is the vendor ID (manufacturer) that the DHCP client integrated in Windows versions after 2000 uses. Every X amount of time, the PC sends a DHCP request to the router to check its IP, route, and gateway assignment. It may be linked to the enabled VPN that disrupts the configuration or the DHCP lease.
--
~ To listen is to possess, besides one's own, the minds of others... said Leonardo da Vinci.
~ “The art of writing is primarily to make oneself understood” — Eugène Delacroix.
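An added example, not part of the reply above: it parses a constructed DHCP request and reads the vendor class identifier (option 60) and host name (option 12) next to the client MAC, which is where a label such as "MSFT 5.0" comes from. The MAC addresses, the host name and the function names are assumptions made for the illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"          # marks the start of DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}

def build_sample_request(mac: bytes, hostname: str, vendor_class: str) -> bytes:
    """Constructed sample: BOOTP/DHCP payload of a client REQUEST (no IP/UDP headers)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        1, 1, 6, 0, 0x12345678, 0, 0,          # op, htype, hlen, hops, xid, secs, flags
                        bytes(4), bytes(4), bytes(4), bytes(4),  # ciaddr, yiaddr, siaddr, giaddr
                        mac, b"", b"")                           # chaddr, sname, file
    options = [(53, b"\x03"),                # message type = REQUEST
               (61, b"\x01" + mac),          # client identifier (type 1 = Ethernet)
               (12, hostname.encode()),      # host name
               (60, vendor_class.encode())]  # vendor class identifier
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + body + b"\xff"

def parse_dhcp(payload: bytes) -> dict:
    """Return the MAC, message type, host name and vendor class of a DHCP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("invalid hardware address length")
    info = {"mac": payload[28:28 + hlen].hex(":")}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            info["type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 12:
            info["hostname"] = value.decode("ascii", "replace")
        elif code == 60:
            info["vendor_class"] = value.decode("ascii", "replace")
        i += 2 + length
    return info

if __name__ == "__main__":
    # Two constructed requests: same host name, different (made-up) MAC addresses.
    for mac in ("020000aabb01", "020000aabb02"):
        print(parse_dhcp(build_sample_request(bytes.fromhex(mac), "DESKTOP-EXAMPLE", "MSFT 5.0")))
```

The vendor class string is set by the operating system's DHCP client, so it does not depend on the MAC address prefix of the adapter that sent the request.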
Hello
this is District 17!
the address thieves have taken control of your pc, your life, the earth
https://www.192-168-1-1-box.com/
Take the time to comment!
A thank you is appreciated.
Mark it as resolved if your issue has been solved. I address everyone informally.
I just added a very strange observation; two devices connected to my network for just 1 or 2 seconds with the same name as my desktop PC and my laptop, having different IP and MAC addresses while sharing the same vendor "MSFT 5.0". I really need help...
Moreover, every time I restart my small PC, my Kaspersky indicates that the remote registry is enabled.
Well, I just accessed the router interface, I don't understand, in "devices" the MSFT 5.0 are home devices usually connected after checking the MAC address, the IP address, and their names.
I think there’s an issue with the VPN, but that’s not the end goal.
Should I add the strange connections to the blacklist of banned connections on my router interface or should I proceed differently?
Anyway, I'll wait until tomorrow for more answers. But I really need help.
what you are describing is simply the functioning of the local network of the box+PC+devices
https://opensharing.fr/isc-dhcp-serveur-dhcp-primaire
lol....
--
Take the time to comment!
A thank you is nice.
Mark as resolved if your issue has been solved. I use the informal 'you' with everyone.
Hi,
first of all,
it would be nice if Kaspersky, like other antivirus programs, would just focus on monitoring viruses instead of meddling so stupidly in what happens on a network, especially a local one.
Then,
what's the point of what you call a VPN (actually a half-VPN, just a remote NAT in practice)?
If it's to hide your data from someone, that's a fail; you're sending it straight to that VPN provider whose actions you don't know about.
In any case, MSFT means Microsoft, a well-known operating system provider (among other things) for decades and not particularly known for being a hacker, except a bit of a bank account raider with its fees.
It has nothing to do with a MAC YES?