A few years ago I was browsing Bash.org, and a user posted that he'd physically lost a machine.

A few weeks ago, I'd switched my router out for OPNsense. I figured it was time to start cleaning up my network.

Over the course of tracking down IP addresses and assigning statics to MAC addresses, I spotted an IP I didn't recognize.

Being a home network, I'm pretty familiar with everything on the network by IP, so was a little taken aback.

I did some testing, found out that it was a Linux box. Cool.

I can SSH into it. Ok.

Logs show that it's running fine, no CPU/Memory/Harddrive issues. Nice.

So where is it?

Traceroute shows it's connected directly to the router... Maybe over an unmanaged switch...

Hostname is "localhost"... That's no help.

I've walked the network 4 times now, and God knows where it is.

I think maybe I'll just leave it alone. If it ain't broke...

Comments
  • 5
    That may be a router itself. Mine has an IP assigned to itself for no obvious reason (other than the "root") and you can't remove it.

    Or, it simply can be your provider with access to your router.... :D
  • 1
    @potata it could be, but it's running Apache. If I SSH into the router, it's running lighttpd. I think perhaps an old Raspberry Pi I set up ages ago to run something... But I've completely forgotten what it was for... Also, the Pi is so damned small, it could literally be anywhere... My workshop is an absolute mess. LOL
  • 2
    Drop power to workshop and see if it disappears?
    If it's over wired, start unplugging connections one at a time.
  • 3
    @amrit2022 I think that might be my only choice. I've been hesitant, because of that voice in the back of my head saying "uptime". But I think I might have to start disabling ports and try and track it down... God I'm lazy. Haha! Can't I just write a script to find it for me? 🤣
  • 2
    Does it have an ARP table entry? If so you can tell a bit about the manufacturer with it. What can an Nmap scan tell you about it? Open ports may indicate purpose which can narrow down points of contact. Can you tell whether or not it's connected to an AP via wifi or ethernet? If ethernet, you can find it by old-fashioned cord running. If wifi, most Linux devices won't be connected via wifi, as they're usually servers, so that would be more than likely a Raspberry Pi or something like that.

    Post Nmap results
  • 1
    @arcsector
    MAC Addresses can tell us manufacturers, too!
  • 2
    @RiderExMachina hence the ARP table entry...
  • 2
    @arcsector
    Yeah, I thought about that as soon as I posted
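
The ARP/MAC lookup suggested in the comments, as an added example that is not part of the original thread: it parses `ip neigh show` output, flags MACs that have no static assignment, and derives the vendor from the OUI. The sample output, the known-MAC list and the two-entry OUI excerpt are constructed assumptions; a real lookup would load the full IEEE registry.

```python
import re

# Excerpt of IEEE OUI assignments; a full lookup would load the IEEE registry.
OUI_VENDORS = {
    "B827EB": "Raspberry Pi Foundation",
    "DCA632": "Raspberry Pi Trading Ltd",
}

# Constructed sample of `ip neigh show` output (addresses are made up).
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.57 dev eth0 lladdr b8:27:eb:12:34:56 STALE
192.168.1.80 dev eth0 lladdr 9a:bc:de:f0:12:34 REACHABLE
192.168.1.99 dev eth0 FAILED
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def classify_mac(mac):
    """Return the vendor for a MAC, or say why no vendor can be derived."""
    octets = bytes.fromhex(mac.replace(":", ""))
    if octets[0] & 0x02:  # locally administered bit: randomized or virtual NIC
        return "locally administered"
    return OUI_VENDORS.get(octets[:3].hex().upper(), "unknown")


def inventory(neigh_text, known_macs):
    """Parse neighbour entries; mark each as known or not per the static list."""
    known = {m.lower() for m in known_macs}
    rows = []
    for line in neigh_text.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens:
            continue  # FAILED/INCOMPLETE entries carry no MAC address
        idx = tokens.index("lladdr") + 1
        mac = tokens[idx].lower() if idx < len(tokens) else ""
        if not MAC_RE.match(mac):
            continue
        rows.append({"ip": tokens[0], "mac": mac, "state": tokens[-1],
                     "vendor": classify_mac(mac), "known": mac in known})
    return rows


if __name__ == "__main__":
    # Hypothetical list of MACs that already have static leases.
    for row in inventory(SAMPLE_NEIGH, ["00:11:22:33:44:55"]):
        if not row["known"]:
            print(row["ip"], row["mac"], row["vendor"], row["state"])
```

A locally administered MAC carries no vendor information, so for those entries the OUI lookup says nothing about the hardware.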