Curiosity About 2 Routers In IP Scanner Results

Joined
Jan 1, 2009
Messages
15,512
Reaction score
3,876
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 15 Pro, plus ATVs, AWatch, MacMinis (multiple)
I agree. I've experienced the same thing on several occasions.

I once had an IT person tell me that the reason a network I would have liked to access via Mac did not permit Mac access was that Macs generated a lot of extraneous network traffic. Now before someone says that might be true for AppleTalk traffic I'd like to point out two things:
1. This was long after most Macs were using TCP/IP to handle traffic. About the only people still using AppleTalk were folks that had one of the Apple laser printers that just refused to die.
2. At no point had I indicated any need for / desire to use AppleTalk.
Sly, in wrestling with my SIM card adventure this week, I had an EE rep tell me that the SIM Card from the EE store at the airport was a different network from the EE cards in the store. There is just no limit to stupidity.
 
OP
PGB1
Joined
Dec 5, 2008
Messages
713
Reaction score
43
Points
28
Location
Detroit
Your Mac's Specs
2007 Mac Book Pro 2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP Stuck At 10.6.8
Thank You All for helping me out & for the education! I appreciate it very much.

I MESSED UP & I OFFER MY APOLOGIES!
After re-reading everything I wrote here, I don't see that I mentioned that my telephone wiring is connected to this router with a RJ-45 cable into a special jack. We use the ISP for phone service. I totally forgot & I apologize for this. I'd have to guess this is an important detail!
Unplugging the phone didn't have an effect on the mystery IP address appearing in an IP Scan application.

I've started exploring & working on the suggestions you each provided. Hopefully today I will be able to do more, learning as I go.

Something I noticed today is that once you log into the router with the user name & password, you can change any of my settings- including network passwords without entering any more passwords. The user name & password that the ISP set when installing were the defaults shown in the owner's manual. I changed the access password today.

I tried some of the things that Lisa was kind enough to list in Post #13. (Thanks Lisa for those & the explanations!) Here's what I have so far:
Ping
Ping to the mystery IP address showed the pings returned. Pinging the normal IP showed the same results. Pinging my computer showed a timeout, indicating to me that the firewall is working. (If I understand this correctly...)

Traceroute
This showed the mystery IP address going back to itself & no packets were on the list. The regular IP did the same. To my laptop, it showed packets going.

WhoIs
WhoIs showed no results for the mystery IP. For my laptop it showed:
Registrar: GMO Internet, Inc. dba Onamae.com
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com/
>>> Last update of whois database: 2017-11-25T13:57:45Z <<<

Port Scan
192.160.0.1 (The normal IP)
TCP 80 http
TCP 443 https
TCP 5000 Complex-Main

192.168.0.252 (The mystery address)
TCP 23 telnet
TCP 5150 ATMP showed on one scan, but not the next scan

The router's configuration utility showed Active Access Points as:
2.4 Ghz Shows a list of the same nearby (neighboring houses & businesses') routers that Airport drop down list shows.
5 Ghz Shows “No data found” (We use the 5 Ghz)

Wireless Client List
2.4 Ghz Shows the computer I am using to access the router
Shows it twice with the same MAC Address but different IP address
One IP is 192.168.0.2
One IP is FE80:21B:63FF:FECC:4C06
5 Ghz Shows no one
-------------------------------------------
Is It Safe to Try This?
In the router's configuration page titled "LAN Setup Client List", is it safe to try deleting the mystery IP address?
The page shows it as "Offline" & shows a MAC Address of FF:FF:FF:FF:FF:FF (Different than what the IP Scan tools show)

Tried This Again
I plugged the laptop into the router directly via an ethernet cord & removed the printer's cable and the telephone wire.
Logged into the router & turned off both 2.4 Ghz & 5 Ghz wireless.
Saved the changes & rebooted the router.
Rebooted the laptop.
The mystery IP address still showed up in the IP Scan applications.
I verified that wireless was off by trying to let a different laptop & an iPad find the network by using Airport. My network was not on the list.
Does this verify that the mystery IP address is not someone else plugged in?

I'll keep trying the items you all suggested & the items on Lisa's list. I sure am learning a lot & any day I can learn something new is a good day, indeed!

Paul

Unsolicited Editorial Comment
Some of these posts mentioned ISPs not liking Macs. I have to agree. As soon as I mention Mac, they say "Oh" followed by either a long silence or a transfer to someone else. They have a melt down if Mac Mail does not work & you have set up questions. Two of the agents I talked to about this mystery IP address question told me if I got a Windows computer, this would not happen because Macs are too easy to hack & Windows isn't (Huh?)

Most of my career was (and I still get called out) in designing & building power systems for sports, broadcast, entertainment and film. Way back in the early 1990's the rule-of-thumb was if broadcast on a NASCAR event went down, it costs over 10,000 dollars per second. And what were the only computers allowed to be used? Unix based- like a Mac.

Today, you will never see a non-Mac (or Unix) computer operating any broadcast equipment. The engineers say that is because they are very stable, can be easily paralleled for redundancy and it is simple (for them) to write custom applications. They also report very little bandwidth is used by Mac OS for communicating, making their setup simpler. (I am really uneducated on this, so I take their word for it.)

I have often set up multi-megawatt power systems for broadcast with an identical parallel system for automatic redundant backup. I have never been allowed to use any computer that is not Mac to operate the frequency synchronization and emergency switchover. I've seen computers fail while at the broadcast control station and the parallel computer ties in so fast that you can't even see a noise bar on the monitor. No one would dare try that with a Windows based computer.
 
Joined
Oct 1, 2007
Messages
7,163
Reaction score
275
Points
83
Location
UK
Your Mac's Specs
Mac Mini i5 (2014 High Sierra), iPhone X, Apple Watch, iPad Pro 12.9, AppleTV (4)
Those tests prove this isn’t an outsider threat. I’m even more convinced this is a service feature of the router
 
Joined
Jul 24, 2013
Messages
5,075
Reaction score
764
Points
113
Location
Ohio (USA)
Your Mac's Specs
2023-14" M3max MBPro, 64GB/1TB, iPhone 15 Pro, Watch Ultra
For the unknown IP address: TCP 5150 ATMP indicates a tunneling port used for a VPN - Virtual Private Network. TCP 23 is usually used for Telnet protocol—unencrypted text communications which means it is an unsecured port. Unless you are using a VPN, I would see if you can close those ports on your router. If something quits working that will tell you what is using it.

Lisa
 
Since I did not want to add on to my last post - a couple more thoughts.

If you delete the unknown IP address and if it is an active device it will appear again - so give it a try and delete it.

The MAC address FF:FF:FF:FF:FF:FF is a broadcast address. Kind of like when they "Talk" to each other that address is like a request for another device to respond.

Lisa
 
OP
PGB1
Thanks to You Both for the new information.

From the LAN Setup Client List, I deleted the mystery IP address, but it came back after a reboot of the router. The difference now is that it says "offline" under "Status".

I rechecked Network Utility twice today and the Port TCP 5150 was not on the list the first time. The second time (after the computer slept for a few hours & no applications other than Network Utility were used) it was on the list. Lisa, you mentioned it being related to a VPN. The only VPN like software on the computer is Opera Browser. It has a built in VPN, but I've only opened the application once when I first got it. I wonder if that opened the port?

I studied OS X firewall (10.11.6) and didn't see any option to close ports individually. Under Firewall - Options we can block all incoming connections. That's how we always have had both of our computers set up. I also went to each page in the router's configuration & came up empty for any chance to close a port. The owner's manual has no mention of it. The router's set up does have an option to close ethernet ports, but only lists 1, 2 & 3. I'm guessing these are the physical ethernet ports on the back of the device.

In internet searching for "Close Port 23 Arris" I saw a few pages that said that Port 23 is used to allow a computer to configure the router via WiFi. More pages said to close the port, but didn't say how. A few offered quite varying Terminal App commands. Since there were so many different Terminal commands offered, I didn't try any of them. And some pages said closing a port with Terminal won't work & it has to be done in the router's configuration.

Do you know how I can close the Port 23? Conversely, should I leave it open for accessing the router settings, as a few pages suggested?

Thanks Again to All!
Paul
 
No you do not want to close ethernet ports. I am not sure about how Opera sets up VPN. I "assume" unless the app is open VPN is not active.

I am not sure how to close ports on your Arris. While I have an Arris at work it does not have the interface yours has. Mine is basically a dumb box that allows us to connect. My Arris feeds into another router that is highly configurable to do all my tweaks. I did look at my Frontier router at home and blocking ports is under the firewall setting, custom, and click on an advanced button. But I am not sure what you have.

Port blocking has to be done at the router. You might find something to do with gaming settings. A lot of routers have a provision for opening ports for specific online gaming use. If this is available you can usually block ports there.

This whole thing could just be a feature of your internet phone. That is a big unknown for me. You would think your ISP would know what ports the telephone used - you would think.....

Lisa
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
I think Lisa is onto something about Internet Phones. My family here has AT&T with a router that does phones and there is an IP for the phone part. I personally use Ooma which is a box that plugs into the router and for sure takes up an IP address but that is to be expected. I will check their router later as it sounds similar to yours and see what I see.

Internet phones use VOIP. Voice Over Internet Protocol.
 

Slydude

Well-known member
Staff member
Moderator
Joined
Nov 15, 2009
Messages
17,616
Reaction score
1,079
Points
113
Location
North Louisiana, USA
Your Mac's Specs
M1 MacMini 16 GB - Ventura, iPhone 14 Pro Max, 2015 iMac 16 GB Monterey
That's definitely a possibility based upon what I found earlier. That router does apparently have some telephony capability although IIRC there was not a lot of the kind of detail we need to solve this problem.
 
OP
PGB1
Thanks All!

Regarding Port 23 Telnet- I searched through every page & sub-page on the router's set up pages and didn't find any place to close ports. For fun, I tried using Terminal.app to see if I could connect to telnet (I don't know if this is a valid test or not.) I typed: telnet 192.168.0.1 <enter> The result was:
Trying 192.168.0.1...
telnet: connect to address 192.168.0.1: Connection refused
telnet: Unable to connect to remote host


I don't know if the Terminal results are good news or no big deal news.

Some more internet searching about ports & Arris routers eventually taught me that there are some Arris models where ports can not be closed by the user. The Owner's Manual is pretty basic and does not address port closing.

Regarding the mystery IP address: I called the ISP back and explained that when WiFi is off and the router rebooted, the mystery IP still shows up. I kind of hinted that this means no one is wirelessly entering my router because WiFi is off and no one can get into the local network without being plugged into an ethernet jack on the router. I asked what the address is used for by the router. The person had a melt down & said security is breached & they need to send a technician for $50.00 per hour to get rid of the hacker. I declined the offer.

So, at this point, it looks like Port 23 is staying open. I wonder if it is time to buy my own router & change to a different phone service, such as Ooma that Dtravis mentioned. (Our ISP required one of their rental modems if you want phone service.)
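
Added example (editor's code, not written by any poster in the thread): a small Python check that makes the same TCP connection attempt telnet does and classifies the answer, so "Connection refused" can be told apart from an open port and from a silent timeout. The scan earlier in the thread listed TCP 23 under 192.168.0.252 while the telnet test above was run against 192.168.0.1, so it checks both; the addresses and ports are the ones reported in the thread, the function names are made up here, and it assumes it is run from a computer on the same LAN.

```python
import socket

# Addresses and ports reported in the thread (private LAN addresses).
HOSTS = ["192.168.0.1", "192.168.0.252"]
PORTS = [23, 80, 443, 5000, 5150]

# Notes limited to what the thread itself says about these ports.
NOTES = {
    23: "telnet: unencrypted text, management traffic readable on the LAN",
    5150: "seen intermittently in the thread's scans; re-test over time",
}


def probe(host, port, timeout=2.0):
    """Make one TCP connection attempt and classify the outcome."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed, a service is listening
    except ConnectionRefusedError:
        return "closed"        # host answered with a reset: "Connection refused"
    except socket.timeout:
        return "filtered"      # no reply: dropped by a firewall, or host is down
    except OSError:
        return "unreachable"   # no route, network down, and similar errors
    finally:
        sock.close()


def survey(hosts, ports, timeout=2.0):
    """Probe every host/port pair; return {(host, port): state}."""
    return {(h, p): probe(h, p, timeout) for h in hosts for p in ports}


def findings(results):
    """List the open ports, with a note where the thread supplies one."""
    lines = []
    for (host, port), state in sorted(results.items()):
        if state == "open":
            note = NOTES.get(port, "identify the service")
            lines.append(f"{host}:{port} open - {note}")
    return lines


if __name__ == "__main__":
    results = survey(HOSTS, PORTS)
    for (host, port), state in sorted(results.items()):
        print(f"{host:<15} tcp/{port:<5} {state}")
    print("\n".join(findings(results)) or "no open ports found")
```

A "closed" result for port 23 on one address says nothing about the other address, which is why each host/port pair is reported separately.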
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,833
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
"So, at this point, it looks like Port 23 is staying open. I wonder if it is time to buy my own router & change to a different phone service, such as Ooma that Dtravis mentioned. (Our ISP required one of their rental modems if you want phone service.)"

I'm currently locked into using an Arris router since it's a special edition for FIOS operation. It not only provides the internet but also is needed for my TV cable service. BTW, the Arris I have is very configurable (port closures, DNS, etc.). But I do agree with you that it might be time to buy your own router, however, the last time I looked into Ooma, it was expensive to own and operate. That was a long time ago so I have no idea what the cost for one is now.

If you do decide to buy your own router, take a look at the "Archer TP Link" models. They were highly recommended by several Mac magazines and hardware gurus. Most are under $80 and with Cyber deals galore out there you may be able to do even better.
 
Okay, so I finally cornered a friend who has some knowledge of how to go about circumventing such silly things like firewalls etc... Anyway, I had him read back through all the posts. His opinion is that tapping into your cable is an extremely hard thing to do and more than likely not happening. Also given your new long wifi password this should have eliminated anyone hijacking wirelessly. He is of the opinion the extra IP is related to your phone service. I am leaning that way too.

I still say your cable provider should have a tech knowledgeable enough to tell you if the phone needs its own IP address. I would call them and ask to be elevated to a senior tech and ask him or her. If you are renting the router then they should have answers to your questions.

Lisa
 
OP
PGB1
Thanks for the additional information & help Chscag & Lisa.
I've started shopping for a modem, router & telephone service. It's interesting to study each choice and see the feature differences between them. I haven't looked into the phone service too much yet.

I called the ISP back & did what Lisa suggested about asking for a senior tech. About the second IP address being for the telephone service, he said "maybe" and explained that each modem-router they rent acts differently & they have no way to know. That in itself does not inspire confidence. I also asked about closing Port 23 (telnet). His answer was not to worry about it & it is 'probably' safe. Again, he's not inspiring confidence. So, I really do need to get my own equipment to be able to set up things to be safe.

It is funny how the ISP people say that if I buy my own equipment, they won't give technical support, which I always assumed would be the case. My experiences on this project pretty much tell me they aren't giving support now.

Thanks Again To All! I do appreciate the help and advice you are giving me. I'm learning quite a bit.
Paul
 

chscag

"It is funny how the ISP people say that if I buy my own equipment, they won't give technical support, which I always assumed would be the case. My experiences on this project pretty much tell me they aren't giving support now."

Every ISP I have ever done business with has that policy. If you have your own equipment rather than rent from them, you are responsible for it, not them. My ISP has its customers boxed in because ordinary off the shelf modem-routers will not work with their system. I'm forced to rent from them but fortunately since I also have my TV cable service with them, they do not charge for the modem-router. But they get it back for the cable box rental. :)

As for phone service, many folks nowadays use their mobile phones as a home phone. However, some ISPs offer VOIP phone service for free if you bundle it with internet and cable service.
 
"It is funny how the ISP people say that if I buy my own equipment, they won't give technical support, which I always assumed would be the case. My experiences on this project pretty much tell me they aren't giving support now."

I agree! I have found with ISP's it is always better to have your own router if possible. As far as support, here of late I have had the fun of dealing with various tech support departments and the best I can say is I am thrilled if we can understand each other. Unfortunately solving the problem rarely happens. So telling me I will lose tech support is not much of a threat to me.

Lisa
 
OP
PGB1
I wasn't picking on the ISP for not providing technical support for an owner's equipment. I would assume that would be the case & it is quite justifiable. But they charge to fix their own equipment, so there isn't much to lose.

Since this ISP's tech support hasn't been of any help fixing the mystery IP address or open port problem, I don't mind ditching their equipment & gaining some control. I think figuring out a phone service is going to be the biggest challenge of the project.

Enjoy This Day!
Paul
 

chscag

"I think figuring out a phone service is going to be the biggest challenge of the project."

That might turn out to be more difficult than it appears. It seems nowadays, most ISPs are offering bundled services - TV, Internet, and VOIP phone service. Trying to get a separate phone service either means you get back with a regular phone company or use your mobile phones for everything, which is what we do.

Regular phone service here in the Dallas-Fort Worth area can cost an additional $40 to $50 per month depending on what you choose. Kind of ridiculous when I'm already paying around $60 per month for mobile service.

Like we used to say in the old days Paul, "Ma Bell rules!" :)
 
Paul, what I have done is to have the ISP turn off the WiFi router in their device, leaving it only as a modem. Then a short ethernet cable attaches from it to my WiFi router, which I can completely control. I have Xfinity from Comcast, and they had to do the control to turn off the WiFi in their modem/router because that part wasn't available to me, but they were happy to do it for me. I also had them turn off the "free" Xfinity.com access that is on by default. I don't want anybody using my equipment that I don't know about.
 
OP
PGB1
Thanks Again All for sharing your knowledge. I appreciate the education I'm getting on the topic. Lisa, please thank your friend that read through the posts & for his thoughts.

I've found, as Chscag mentioned, that it's been kind of difficult to figure out the phone service thing. Getting a straight answer from the ISP for how much I'll save by eliminating their phone service has been quite a challenge. A couple of people I talked to said they don't allow a 3rd party VOIP (such as Ooma, etc.) on their network, but that might be just salesperson talk.
I hope that on Monday I can talk to someone from their "A Team" to get real cost figures and be able to make an informed choice about whether it is cost-effective to switch phone providers.

Your idea, Jake, of a separate router handling WiFi & turning the ISP's WiFi off sounds like a simple, low-cost solution to any security uncertainties. I checked out the Archer TP Link that Chscag mentioned. Some of the models look perfect for the job. From the manual it looks like the devices are quite user-configurable and user friendly.

Enjoy Today!
Paul
 

dtravis7


I have run my Ooma on both AT&T uVerse, Sonic.net and another friend uses his on Comcast and another on COX so I am sure the person was wrong.
 
