Mac Forums

Mac Forums (http://www.mac-forums.com/forums/)
-   OS X - Operating System (http://www.mac-forums.com/forums/os-x-operating-system/)
-   -   Strange Computer IP in "Shared" (http://www.mac-forums.com/forums/os-x-operating-system/285633-strange-computer-ip-shared.html)

talk2bks 09-28-2012 06:18 PM

Strange Computer IP in "Shared"
 
https://lh5.googleusercontent.com/-Z...5.07.27+PM.png

I noticed today that there is a "shared" computer on the sidebar. It is giving me an IP address that is not inside my house.

1. I've changed my WIFI password using WPA,
2. I've deactivated WIFI
3. I've turned off all computers in my house
4. I've unplugged all ethernet cables except the one going straight into my mac.
5. I've ran antivirus software.

The only thing that gets rid of the computer is if I turn off all file sharing in my firewall. But that blocks everything else like dropbox and skype.

The IP address is not my house but it is in my city. I've called my Internet provider and they say it has nothing to do with them.

What do I do?

bboggess 09-28-2012 07:51 PM

1. Any kind of remote desktop software running?
2. Any virtual machine software running like vmware, parallells or virtual box? Sometimes those may create a share.
3. Have you rebooted your machine? The IP address that you gave does not ping.
4. Running "who" from the command prompt will let you see who is logged into your machine. In other words, open up a command prompt and type "who" without the quotes. Any user other than your user name is a poacher.
5. Reboot your router. Is your router default password changed. Not the WIFI password but the admin password.
6. Running netstat -a from the command prompt will give you a list of all ports on your computer that is accessible as well as what IP address is connected to it. In other words, open up a command prompt and type "netstat -a" without the quotes and you'll see a long list. It may take a minute to run. Wait until the command prompt returns.
7. From the command prompt type "whois 24.16.99.251" without the quotes. It will give you the ISP of the IP address with contact info. If this is not your ISP, perhaps check with them.

Hope this helps a little bit.

Bill

talk2bks 09-28-2012 08:20 PM

Thanks Bill!!!

1. I don't have an remote desktop installed.
2. I have virtual box but haven't used it in months.
3. I have rebooted my computer, modem and router
4. When I do "who" it gives me

Brian console Sep 28 12:08
Brian ttys000 Sep 28 19:08

5. I have restarted the router and the modem but I will again. I have changed the admin password as well.
6. netstat -a gives me a bunch of stuff. 65+ lines before I get to the local unix. I don't know if that's normal. In the Local Address Column, all IPs are my local machine. However, there are a bunch of *.kerberos or *.ipp. I don't know if there should be wildcards. Also two of the responses had my local machine trying to connect to Kansas and the other to Germany. This could be due to any chrome extension.
7. The whois 24.116.99.251 is my ISP in my town. Just not my house. I did call them to see if this could be their system trying to do something. They said it wasn't.


The ip address is not pinging back for me either. I'm assuming that 24-116-99-251 is refering to an IP address.

Thanks for any reply.

dtravis7 09-28-2012 08:28 PM

If you unplug the network cable does the share disappear?

You using Cable? DSL? If you turn off the modem does the share disappear?

peterbj7 09-28-2012 08:52 PM

I'm watching this very carefully as similar has happened to me, and I've never got to the bottom of it.

talk2bks 09-28-2012 09:19 PM

Okay, taking Bill's advice I restarted the router one last time. Something I've done several times before. So far the computer has not shown back up. Here's what I did. I'm sure most is overkill but don't waist the 8 hours I have so far today if this may work for you in the first 5 minutes.

1. unplug modem.
2. turn off computer
3. unplug router.
4. wait.
5. plug in modem wait of all green lights.
6. plug back in router. wait. then hard reset (press the pinhole).
7. Start computer
8. log into router, factory reset, set router back up, changing wireless name to ATF Surv van #47.
9. Watch crackheads from next door leave.

So far the "Shared " computer has not shown back up. I'm keeping a close eye on it though.

This happened shortly after I updated: iTunes & Mamp pro 2.1.1. Last night my router kept crashing, knocking everything off line. All this combined could have done something.

The computer disappeared when I was either offline (so it's not internal), or when I stopped all file-sharing in my firewall.

I really hope this helps.

bboggess 09-28-2012 11:07 PM

Was Mamp active when you had the "Share" showing up? Running server software can be cause for concern depending on how it was secured. Did you have ports opened on your router for Mamp for outside access? STRONG PASSWORDS are a must if you are running a server. Just something to consider.

Bill

talk2bks 09-29-2012 09:14 AM

Mamp was not running and I don't have any ports opened. It's been several hours and the computer has not shown back up. Thanks for everyones help.

talk2bks 09-29-2012 11:23 AM

New Developments:

I'm just sitting here and the computer pops back on. I've unplugged all unnecessary devices and it stays on. The only time it's going away is when I turn off file sharing. I'm going to be messing with those settings to see where the problem could be.

I'm going through the "Sharing" settings in the system prefs instead of the firewall which I did last time.

Check this out.
Inside sharing -> "Computers on your local network can access your computer at: "home.local"
I changed this to "cflare.local" -> turned off all file and printer sharing -> locked my settings -> waited 5 minutes and computer didn't show back up (revealing that it was something in here). -> Then I changed the name back to "home.local", and turned back on printer and file sharing because I decided to mess only with one setting at a time starting with the file sharing.

After turning my file sharing back on, the name "24.166.99.251" changed to "cflare" even with the computer location set at "home.local". Finding this strange, I changed the name to "overthere.local" -> waited 5 minutes and the shared computer never came back. -> I changed it back to "home.local" and now the computer name is "overthere".

https://lh4.googleusercontent.com/-O...0.17.43+AM.png

This got me to thinking, what happens not when I unplug the router but unplug the modem. "Shared" computer stays. Unplug the router, it goes away. WIFI is turned off and all other computes in the house is off.

dtravis7 09-29-2012 11:47 AM

What brand and model is your Router? I have a reason for asking.

Also do you have a print server of any kind?

cwa107 09-29-2012 12:40 PM

You've got a device that uses SMB or Bonjour on your network. It may be something like a printer or a connected Blu-Ray player that you're not thinking about. Check each of the devices attached to your network and unplug/disconnect them one by one until you find the culprit.

dtravis7 09-29-2012 12:47 PM

Chris, I think you and I are on the same page. Reason I asked about the router is I have seen some with some kind of Server on board once. I have a feeling something is on that network he is not unplugging.

I had this TINY EDI Max print server once that was so small I forgot I even had it. It lost it's config and took over DHCP at 192.168.1.1 and messed up my whole network. Took hours of unplugging and then I found it had fallen behind the one computer table! It was so tiny I did not see it. Unplugged that and network was fine. :D

talk2bks 09-29-2012 01:12 PM

I have a Linksys WRT54GP2. It has 2 phone ports for Vonage (which I don't use anymore). Everytime I make a change it can take 5 minutes for finder to either recognize the shared computer or get rid of the shared computer. I think that this could be print server related. I've seen this on other forums but because originally had (I thought it had) instead of some mac address.

When I first noticed the problem, I shut off wifi on my mac and plugged straight into my router. I turned off the wifi on my router and I unplugged everything else in my router. The only thing I did not physically turn off would be the roku box.

I'm curious if Chrome and the cloud printing is the culprit?


All times are GMT -4. The time now is 08:30 PM.

Powered by vBulletin
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.