# Unknown IP Address Range on Router DHCP Client List



## kent105 (Nov 20, 2011)

Hi everyone, 

I keep getting some additional IP addresses logging onto my home network that have an address outside what should be allowed by the router. The server is running at 192.168.2.1 and is set to only allow clients from 192.168.2.2 - 192.168.2.10 so a total of 9 clients should be allowed on.

The problem is that something keeps logging in with an address of 192.168.169.2 or 3 etc. Sometimes more than one device at a time.

Has anyone ever heard of this happening before?

I have assumed that it is some automated or virtual client as I'm pretty certain my network has not been breached. I have a 9 character password with a relatively random alphanumeric combination, although I haven't tried changing the password (I live in a share house with with a bunch of devices using wireless, so I haven't yet bothered). 

What I don't understand is how it has connected with the xx.xx.169.xx range at all. I have a Belkin 'Share' Wireless N Modem Router and at some stage there was a 'guest' network but that has since been disabled and I still am seeing the extra address. 

I have attached a screen shot of the DHCP client list on the router.

The following is a list of devices that may be on the network at times, I'm thinking one of these may be responsible for the problem:

Windows Vista Desktop - Only LAN device
PS3
Macbook
Epson wireless printer
Android HTC Desire Mobile Phone
Laptops running various Windows versions (XP, Vista and 7)

A few thoughts I had: 
- the android phone is capable of running a wireless hotspot, may have to look into it to see if if has been operating as an access point into the Belkin router, but assumed this wouldn't bring up clients connected to the phone on the home router.
- The desktop has PS3 Media server installed to stream video to the PS3 over the network (not that I have ever managed to get it to work), however this is not ever open on the desktop.

Any help would be greatly appreciated, please post if you can think of extra info I should provide.

Cheers
Kent


----------



## dai (Jul 2, 2004)

click the refresh tab

you are running wpa security?


----------



## Wand3r3r (Sep 17, 2010)

That is totally strange. Never seen dhcp registration for ips not in the routers lan subnet.

See if there is a firmware update for your router. 
Engage mac filtering and deny the x.x.169.x mac address. See if someone complains of no connection.


----------



## kent105 (Nov 20, 2011)

Hi guys, thanks for the responses.

Dai the refresh button doesn't seem to do anything, in fact I have seen IP addresses remain in the client list even when I know the device has since been turned off. I assume it just bases it on the IP address lease time.
Yep WPA/WPA2 with a passkey - 6 numbers 3 letters random enough not to be guessed.

Wanderer, the firmware is updated automatically but I ran a check to be sure and it all looks up to date. I agree the mac filtering is the way I was planning on going to prevent it connecting, it's just a nuisance to do and so far I haven't seen any unusual downloads. I guess more than anything I was just intrigued as to how something connected using that address.


----------



## Fred Garvin (Sep 4, 2010)

Do you have UPNP enabled in your router?
Any other wireless devices, phones, printers, laptops, etc in your house that have connected to your network at some point?
Try powering off your router for about 10 seconds then plug it back in. That will clear the list of clients. Then monitor the router for that ID again. 
It looks like a partial MAC address. See if it matches anything else connected.


----------



## kent105 (Nov 20, 2011)

Think I might have had a break through. Found this in the security log only moments after carrying out a restart of the router.

Nov 24 19:33:35 router daemon.err nmbd[3036]: [2011/11/24 19:33:35, 0] nmbd/nmbd_become_lmb.c:become_local_master_stage2(396) 
Nov 24 19:33:35 router daemon.err nmbd[3036]: ***** 
Nov 24 19:33:35 router daemon.err nmbd[3036]: 
Nov 24 19:33:35 router daemon.err nmbd[3036]: Samba name server ROUTER is now a local master browser for workgroup WORKGROUP on subnet 192.168.169.1 
Nov 24 19:33:35 router daemon.err nmbd[3036]: 
Nov 24 19:33:35 router daemon.err nmbd[3036]: ***** 

Google tells me that it samba is a linux based networking/routing tool. The only explanation I can come up for this is that I have a ubuntu operating system installed on my PS3, though I haven't used it in ages because I could never get it to function very well. Strangely this is coming up even when the PS3 is on standby, my next check will be to unplug my PS3, perform a router reset and see what I get.

Also in reply to Fred, yes UPNP is switched on. I did a power off reset and it restored factory settings, is that normal? I mean the lot I had to rename the network SSID, reset the passkey, router login, re-enter the MAC addresses to the secure list (which is painful because there is no copy function) even had to dig up my ISP username and password because it is so long since I've had to enter that. Is it normal for this to happen on a power off reset?

Will also try turning devices on one at a time and checking the client list, to check for any changes.


----------



## dai (Jul 2, 2004)

it's normal to have to re enter everything after a hard re set


----------



## Fred Garvin (Sep 4, 2010)

As Dai said, a hard reset where you push the reset pin in for 10 to 15 seconds will reset the router to factory defaults. Just unplugging the power cord from the router does not reset your custom settings.

If you have UPNP enabled in your router, that allows UPNP capable devices (like your PS3) to make changes in your router in order for them to connect. It sounds like your PS3 is the unknown device. Verify it by MAC address.


----------



## kent105 (Nov 20, 2011)

Hmm, I just pulled the power cord out. Might have been because I was still logged into it from my computer.

The PS3 isn't the device, I confirmed its MAC address. But I still think its likely it has something to do with the PS3. I have remote power-on activated on my PS3, which seems to make it broadcast itself as a WLAN when in standby mode. From memory I think windows platforms don't recognise it (as in does not show up as an available network) but the macbook and at least some phones did see it (my nokia for one). I have never set any password up for it, but I have also never been able to connect to it when I've tried in the past. I guess if someone new what they were doing they might be able to get in (e.g. it might be a generic password like 1234). 

I will continue to investigate over the weekend, now that I have some time on my hands, and post if I come up with anything. In the mean time if anyone has some additional thoughts I would be happy to hear them, I don't really know much about networking and the likes.


----------



## kent105 (Nov 20, 2011)

EDIT for above post - Sorry my mistake it seems I can see the PS3 WLAN broadcast with windows platforms.


----------



## Fred Garvin (Sep 4, 2010)

I don't know anything about the PS3 network, so I can't be any help there. Check out the manual for info on how it works or if it sets up it's own wireless network. I would take a guess that the 192.168.169.2 address is for the PS3 or given out for a virtual network on the PS3 side.

I would completely unplug the PS3 & the controller if possible, then disconnect any device that connects to the router. Then unplug the router for about 10 secs and plug it back in. Or disable the wireless signal all together. That should clear any entries for recent devices that have connected to the router. Power on one device at a time and keep checking the router for new connections. You might even want to jot down part of the MAC addresses so you can keep track of which one corresponds to each computer, phone, etc.


----------

