Extra Devices Displayed on Network Security Map- NIS 2012

When I open the Network Security Map in NIS 2012 (v19.9.1.14) six or seven extra devices show up on my ethernet connection.  Most are called 'New,' are offline, and have different physical addresses but little other specific details.  I have no other ethernet-connected computers; I have a netbook and Windows 8 phone on my wireless network connected to the same cable modem.

 

By the way, I'm using NIS 2012 because I had lots of problems with NIS 2013 on this Windows 8 computer.

 

Any idea what's going on?


BajaBoojum wrote:

When I open the Network Security Map in NIS 2012 (v19.9.1.14) six or seven extra devices show up on my ethernet connection.  Most are called 'New,' are offline, and have different physical addresses but little other specific details.  I have no other ethernet-connected computers; I have a netbook and Windows 8 phone on my wireless network connected to the same cable modem.

 

By the way, I'm using NIS 2012 because I had lots of problems with NIS 2013 on this Windows 8 computer.

 

Any idea what's going on?


Hi,

Not for sure. Have you clicked on 'refresh' on the network security map screen? Did that change the number of devices displayed?

If you are positive that they are not devices that you use, like wireless ones currently turned off or out of range, you can block their access.

Keep us posted

I have the same, several devices listed, no ip address just a mac address, I blocked them (under both Ethernet & wireless connections) but then found the wireless card wouldn’t connect when I was wireless, I now assume that one or two entries are that & another is for the webcam even though not one of the entries ever goes online - at least using Ethernet connection. The majority of these unknown entries show as generic with one showing as a desktop computer.

Here’s a thought
When friends and family come over, do you let them connect their phones or iPads to your wifi?

Not in my case, immediate family not online so have no devices, friends don't bring their devices. My SSID is hidden & I have an unguessable passphrase so am sure there's only my devices connecting - all my devices show manufacturer etc anyway, only one of the unknown devices shows 'Chi Mei Communication Systems, inc', searching mentions webphones which I don't have but I do have a webcam & have installed Skype so assume it is part of one &/or the other.

Consider this.  If  you have cable TV/fios EACH of your settop boxes will probably want to access your network.

 

I bought a new Toshiba laptop last month and I have NIS 2013 installed and the network map shows 9 extra devices that aren't mine and  none of the 9 devices are ever online.

I have 2 other computers with NIS 2012 and none of them ever show any of the extra 9 devices even when i refresh. They only show up on my new Toshiba laptop. So I don't know why only the new computer picks up 9 extra devices and the other 2 computers only pick up my known devices.???

Refresh didn't eliminate the unknowns, but I removed all but the known devices (under Total in Network).  Only one reappeared, which is perhaps my phone.  It's possible the others were house guests.

 

I'm more curious than concerned because I know I'm the only one plugged in and my WiFi is protected.  Since I'm not the only victim of phantom devices, it'd be interesting to know why Norton keeps track of past connections.


BajaBoojum wrote:

Refresh didn't eliminate the unknowns, but I removed all but the known devices (under Total in Network).  Only one reappeared, which is perhaps my phone.  It's possible the others were house guests.

 

I'm more curious than concerned because I know I'm the only one plugged in and my WiFi is protected.  Since I'm not the only victim of phantom devices, it'd be interesting to know why Norton keeps track of past connections.


Hi,

Not sure why Norton does it but your cell does it and so do your browsers, maybe it's a trend? :smileywink:

Or maybe even an undocumented feature? :smileyvery-happy:

You may want to check and make sure your wifi really is protected.  Because I have never seen a device in the network map unless it is connected.

 

From the help file:

The Network Security Map window provides a pictorial representation of the devices on the network to which your computer is connected

 

I have a business and people with smartphones and laptops come into range every day but I never see another device listed unless I connect it.

 

This computer is a desktop with no wifi connected to the router through the LAN but I can still see the wireless devices that connect to the router.  Because the Network security map shows all the devices on the entire network and the the network details on the left that show LAN is only showing how this computer is connected.

 

Dave

Dave,

 

That's my experience too with my wireless router .... but very different if I turn on WiFi on my cell phone and let it search for networks. Here in my residential area I see about 5 networks mostly secured but one named one is not .... but I'm only allowed "local access" on that system.

 

Made me think very carefully about how secured mine was ....

My WiFi is secure; in fact the Network Security Map on my WiFi-connected netbook only shows actual devices, never any phantoms.  Maybe some of the mysterious devices are my USB-connected printer.

This is an old problem with the Network Map that I posted about for NIS11 and NIS12.  See the following links:

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/HELP-Mystery-device-in-NIS11-Network-Security-Map/td-p/286268

 

http://community.norton.com/t5/Norton-Internet-Security-Norton/Mystery-Device-in-NIS12-Network-Security-Map/td-p/531970

 

Long story short:  I think you may be seeing other wireless routers in your area that have Wifi Protected Setup (WPS) turned on. 

Hello

 

My wireless printer shows up on my map, but it has a picture of a printer on it. When my son comes over with his laptop, I get another new item on my map.. Since I have Fios, the TV's and the cable boxes show up on mine also.

Has anyone else seen that the labels on the images eg that enable me to indicate that that is my AT&T Cellphone do not persist?

 

Am I missing a Save anywhere?


huwyngr wrote:

Has anyone else seen that the labels on the images eg that enable me to indicate that that is my AT&T Cellphone do not persist?

 

Am I missing a Save anywhere?


See this post for directions on how to save the device labels in the map:

http://community.norton.com/t5/Norton-Internet-Security-Norton/Network-Security-Map-Forgets-Manually-Entered-Info/td-p/929083

 

You may also want to take a look at the links in my earlier post.  These problems and concerns with mystery devices in the Network Map have been around for years.

car825

 

Thanks for the link -- I may give that a try.

 

I had read the thread already thanks.


BajaBoojum wrote:

When I open the Network Security Map in NIS 2012 (v19.9.1.14) six or seven extra devices show up on my ethernet connection.  Most are called 'New,' are offline, and have different physical addresses but little other specific details.  I have no other ethernet-connected computers; I have a netbook and Windows 8 phone on my wireless network connected to the same cable modem.

 

By the way, I'm using NIS 2012 because I had lots of problems with NIS 2013 on this Windows 8 computer.

 

Any idea what's going on?


Hi, BajaBoojum.  Some ideas:

 

1. When you open the Network Security Map, it will show you all the devices it "remembers".   This is every device that has ever connected to your machine with a unique IP address.  This is normal and correct behaviour for NIS.

 

2. Whenever you reconfigure your network, for whatever reason, the "old stuff" remains behind on the Network Security Map in NIS, even though that item will never connect again with that IP address.  As a result, you need to tell NIS to "forget" all it has learned, so it can create a new map based on the "new reality".  You do this by going into the NIS Control Panel, Settings, the Network tab, the Network Security Settings sub-category, and clicking the "Purge" item in the Network Security Settings control panel list.

 

3. When you purge the list - NIS will build a fresh list - and the history of the Network Security Map will "start over".  If you reconfigure your existing devices at any time in future - you will have to repeat step 2 for NIS to rebuild its "reality" again.  This is normal.  It is a consequence of the fact that NIS is not in charge of IP address assignments - this is the job of your Router.  All NIS can do is report on what the router has done - even if the Router is doing something you think is silly.

 

4. There is a lot of variation in the way that Routers handle IP assignments.  Most routers rely on a process known as DHCP.  What this does is assign a unique (different) IP address to each device that connects to your network - on the basis of rules programmed into the router about how to do this.  The common rulesets are as follows:

 

a) Remember every device ever connected to the router, and assign it an IP address.  This exactly matches the behaviour of NIS, and has all the same consequences.  Thus, if you ever reconfigure any devices on your network, the Router will retain that info and give back that same IP address regardless.  This works well until you replace something like a Network Printer, you get a new phone, and so on.  The "memory" of the old device remains - regardless of the fact it will never be used on your network ever again.

 

b) Remember every device connected to the router, and assign it an IP address.  Again, this exactly matches the behaviour of NIS, and has all the same consequences.  However, in this case, the Router has a time-limit (called a "lease time") which returns that particular IP address reservation to the "unclaimed" list once the lease time expires.  Lease times vary, but common values are up to a week.  In this case, if you "purge" the NIS map - and the lease on an obsolete item has expired - it will not reappear.  This is the most common default programming method used for consumer-grade routers.

 

c) Remember every device connected to the router, assign an IP address, and forget that address after the lease time expires, except for items that have a "DHCP Reservation".  Items that have a DHCP reservation act as items noted in category a).  Thus, they will remain on that IP address, regardless of whether or not they have "fallen off the lease".

 

5. The problem with category b) Routers is there is no way to guarantee that the Router will look at a device you have connected to the Router at some time in the past - where that item has "fallen off the lease" - and assign the original IP address used for that original lease.  This is normal and correct.  Thus, your NIS "history" will fill with duplicate items unless the NIS "history" is periodically refreshed by purging the Network Security Map list.

 

6. The problem described in Item 5 is so annoying to many people that most Routers have an optional section to allow the router to work in category c) mode.  However, this means you are required to have enough "smarts" to actually go into the router setup and create those DHCP reservations.  If you do that, the IP addresses of your "known reservation" devices will not change, and your NIS map will remain correct for those items until such time as you change the DHCP reservations in the router.

 

7. NIS tries to "guess" what category the device is supposed to display, and NIS also tries to "fetch" the name of the device from the device itself - so it can populate the "name" field for the device on the basis of the network name of the device.  However, there are rules about this which limit both the complexity of names and the letters/numbers/extra-characters that the router can "interpret" so it can automatically fill out the "name" field for the device.

 

For example, if you have named your iPhone "BajaBoojum's iPhone" - NIS cannot automatically populate the "name" field - because this violates the naming-convention rules which are used to auto-populate the name field during a network query.  Changing the name on your iPhone to "BJBJ-iPhone" (notice: no apostrophe, no spaces, no non-standard characters) will allow NIS to auto-populate the name field.  This works similarly for all IP devices the Router works with (which is all devices on your LAN).

 

The network name for the computer where NIS is installed is a possible exception to the above rule.  Because this machine is "local" to NIS - the program can "get the info" through other means than a network query.  Thus, the name for the device on which NIS is installed can be properly placed in the Network Security Map - even if it violates the conventions mentioned in the preceding paragraph.  This is the only device which can violate the rules - and if you violate the rules on that device, then it will show up as "new" on the Network Security Map in your other computers using NIS.  Staying within the convention on all devices attached to the Network is the only way to ensure that all Network Security Maps on all machines with NIS installed will all show the same nameset.

 

Some devices (like some network printers) will always show "New" no matter what you do.  This means the device does not properly support a network-name-query in a way either the Router (or NIS) understands.  Even if you use the proper naming conventions, the device will still show up in the Network Security Map as "New".  There is no choice in this circumstance but to go in and manually change the name for that device to its proper name.  This must be done for each NIS installation on each device where NIS is installed.

 

In situations where a category b) Router is used - and a reservation is in place using a DHCP lease - and you have changed something in that device - the Router may "remember" the old information as well as assign the device a new IP address because you have reconfigured that device.  This creates a situation where "mortal remains" of your reconfiguration are still displayed - even though you know you've changed something to the "new way you want things to be" (eg: when you rename a device so its network name follows network naming conventions so it will show its name properly in a standard Network Security Map query).  The way you fix this is to shut down all the machines on your network, shut down your router, shut down your cable/adsl modem, wait 15 seconds for that last device to completely discharge, and then restart the items in reverse order from shutdown (modem, router, rest of network devices).  This forces the router to "forget" its previous automatically-assigned-DHCP-leases - which gets rid of the "mortal remains" - so your Network Security Map reflects your "new reality" - rather than the "obsolete reality" contained in router memory until you rebooted the router.

 

My suspicion is you have old connections from smartphones your friends have brought over, and these are showing in your NSM.  You may also have old phones in your NSM that you either no longer use or only rarely use - and each of these has a non-standard network name so they all show as "new".  A similar situation occurs with tablets, blackberry devices, network printers, IP cameras, and so on.  Also, if you are running an unsecured wireless network - or relying on easily-compromised wireless network security such as WEP - you can have lots of "leeches" connected to your router - which will be reliably detected by NIS and will show up on your NSM as "new" devices - if they have non-standard network names (which is most iPhones and similar, for example).

 

 

There you go, a quick tutorial on "the perils of poorly configured routers" - and their impact on NIS.  :smileyhappy:

 

 

I posted about the mystery devices in the Network Map a number of times since the NIS11 days.  The discussions pointed to unconfigured routers with Wifi Protected Setup (WPS) turned on.  I did a test at the time.  I powered up an unconfigured router with WPS and it immediately appeared on the NIS Network Map as a new offline device with no IP address.  My computer was NOT connected to the router, but there it was on the Network Map.  The details are in the links in my first post in this thread.


car825 wrote:

I posted about the mystery devices in the Network Map a number of times since the NIS11 days.  The discussions pointed to unconfigured routers with Wifi Protected Setup (WPS) turned on.  I did a test at the time.  I powered up an unconfigured router with WPS and it immediately appeared on the NIS Network Map as a new offline device with no IP address.  My computer was NOT connected to the router, but there it was on the Network Map.  The details are in the links in my first post in this thread.


Hi, car825.  This would tend to indicate your Router was allowing these items to be passed through to your LAN - in other words WAP Repeater access is turned on - with no security required for WAP Repeater access to be granted.  Normally, a properly secured router should not permit this - as it is an extreme security risk both for you (connecting to their potentially-malware-ridden network) and to them (connecting to your potentially-malware-ridden network) - not to mention the privacy issues.

 

It's still "the perils of poorly configured routers" - just in  a different way.

 

 

For example - as a continuation of my previous post in this thread - see the following:

 

http://www.techrepublic.com/blog/doityourself-it-guy/diy-setting-up-wireless-access-points-as-repeaters-to-extend-wireless-range/141

 

Notice that if you do this properly, you only have to maintain the DHCP reservation list on the "Master" router (the one with the active DHCP server).  Doing it any other way multiplies complexity by the number of DHCP servers available on your network.  I recommend avoiding the highly-complex option...   :smileywink:

 

 

Note: Firmware updates for Routers are supposed to have closed those WPS security holes.  So, a firmware update for the affected router(s) may be just the "magic bullet" needed to solve both your and the original poster's problems.

 

 

Hope this helps.