Really strange router problem!?!

[techjunkie]

This is driving me nuts!

I use a Level 1 WBR-3405TX Wireless AP Router at home and I use it both for LAN and Wireless with DHCP enabled.

I have configured the router to use a MAC-filter, i.e. "Only allow computers with MAC address listed below to access the network."

This works okey if I use Vista Ultimate or Linux (Ubuntu), BUT when I boot on my Win XP Pro partition - it takes TWO IP-addresses from the DHCP scope, one with a MAC-address that isn't in the "allowed" list!?!

I have scanned the XP installation for Spyware, Viruses and Rootkits, but it seems clean.

Does anyone have an idea of what this can be?
[EDIT]
I'll guess I have to do some serious network sniffing with Ethereal or another Network Analyzer.
[EDIT 2]
By the way - It's an almost new XP installation...

[Derek]

Is it actually allowing traffic through to the other computer even though it is supposed to be blocked?

[techjunkie]

Is it actually allowing traffic through to the other computer even though it is supposed to be blocked?

Yes, It's really strange. The DHCP scope is set to 192.168.1.30 - 40 and XP does take two of these addresses one with a very strange MAC-address.

Can the router been hacked? I haven't tried to update the router firmware, I can try that and see if the problem goes away.
[EDIT]
or I'll buy a new router - Level 1 *sucks*!!

[Derek]

Is there another wireless network in your area, there could be someone else out there!

Course, they would have to know your password before they could use your network so it seems doubtful.

What about scheduling, have you got it set to block the mac addresses all the time?

** Edit ** Mines a Netgear one and apart from getting it to work past my firewall (my fault) it has worked brilliantly.

[Thalius]

How do the 2 IP Adresses look ?

maybe you have an additional V-Adapter installed ?

Thalius

[Michael Vogel]

No ideas about vista, but doesn't it have the IPv6-Stack enabled by default?

[Num3]

Maybe a virtual machine installation ?

They usually setup a soft network card.

[techjunkie]

I have read all the posts above, but I don't think any of them solves "my problem".

Yesterday I upgraded the router firmware (there was one newer release on Level 1 support site) and before that I wiped out all configurations and so on, but the "problem" still exists.

This is the allowed MAC-table in the router,



The computers hostname is DCORE (off course) and this is how it looks when I boot Vista, W2K, Linux...



This is how it looks if I boot on WinXP Pro,



and the last picture is a listing of all NICs when I have booted on WinXP,



It's really strange - where does the 52-41-XX-XX-XX MAC-address come from?!?

I have a couple of other machines running WinXP Pro, but from another installation and this does not occur on these machines. On the other hand I have used this WinXP Pro installation on another machine and it occurs on that, so I'll guess it MUST have to do with that WinXP configuration - but what?

It's maybe not a big problem, but I have to know... WHY!

[MrMat]

Some reports ->here<- and ->here-< of a similar MAC address appearing.

[techjunkie]

Some reports ->here<- and ->here-< of a similar MAC address appearing.

Thanks - I will try the solution in the first link.

[Derek]

Looking at your screen shots it appears that 192.168.1.30 is allocated on Vista, W2K, Linux even though it is not being listed so it maybe that winxp pro is actually being more thorough, unless of course you have actually manually entered the ip addresses.

[DoubleDutch]

techjunkie: It could possibly been a rootkit type virus that creates a virtual network card under your existing card. I would get an antivirus program that checks for the latest rootkit type viruses.

OR
===

It coulbe be a network bridge from some kind of Virtual PC emulator you may have installed at one time or another?

OR
===

If you have a PocketPC or a Windows Mobile phone, this can sometimes create some kind of low level hook into the network system and kind-of low level bridge it.

Hope this helps!

-Anthony

[Psychophanta]

I have configured the router to use a MAC-filter, i.e. "Only allow computers with MAC address listed below to access the network."

What a mean (miserly)!

[techjunkie]

I have configured the router to use a MAC-filter, i.e. "Only allow computers with MAC address listed below to access the network."

What a mean (miserly)!

*LOL* It's more a security issue... You are free to use my 24 Mbit Psychophanta, just mail me your MAC address!

[techjunkie]

techjunkie: It could possibly been a rootkit type virus that creates a virtual network card under your existing card. I would get an antivirus program that checks for the latest rootkit type viruses.

This was the first thing I checked. I have run 4 or 5 different Rootkit Revealers (including AVG, SysInternals and F-Secure), a couple of different AntiSpyware programs and a bunch og AntiVirus programs. Nothing, nada, zero...

It coulbe be a network bridge from some kind of Virtual PC emulator you may have installed at one time or another?

No, I have no Virtual PC or VPN software on that system.

If you have a PocketPC or a Windows Mobile phone, this can sometimes create some kind of low level hook into the network system and kind-of low level bridge it.

No, no PocketPC, cellphone or other stuff connected to the PC.

Thanks for all your help!