cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
1,167 Views
Message 1 of 37

PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

I'm on BT's FTTP using a BT Smart Hub 2 including BT Voice.

I use the home hub as the authorative DHCP server. The Hub's IP is default 192.168.1.254 subnet 255.255.255.0

The DHCP scope is allocating IP's on Private class C network 192.168.1.64 - 192.168.1.240 (/24 subnet)

I used DHCP for most devices and all devices have subnet 255.255.255.0 (/24 subnet) This should mean that communication on my LAN should be locked within the DHCP scope.

I've recently done a network audit on my LAN using netscan and have been alarmed by an IP that is present outside of my IP range (192.168.201.15) and is able to communicate with my network. I can see this IP in netscan, however, it doesn't present a MAC address. I am able to ping this address.

I know this is a device outside of my LAN as when I unplug power to my router the ping response times out.

Naturally I'm concerned about this and am reaching out for any help advice avaivable.

0 Ratings
Reply
36 REPLIES 36
1,116 Views
Message 2 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

I doubt it’s anything to worry about.  Anything with 192.168 won’t pass through routers across the internet, so it is something internal to your network.

It’s quite common practice in industry to give the management interface on equipment, (like managed switches, for example), an IP in a different subnet to stop the ordinary user stumbling across them and playing with them.  I suspect this is something similar.  Possibly a piece of equipment connected through the switch built-in to the router or maybe even the router’s own management page?  That’s why it disappears when you shut down the router.

If it’s something to do with BT equipment I’m sure one of the more knowledgeable guys will jump in and explain it better than me.

0 Ratings
Reply
1,104 Views
Message 3 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

Thanks for the reply. The IP (192.168.201.15) outside of my inernal range is 100% not assigned to any of my internal equipment neither is it the BT Smart Hub 2's IP - This is the default 192.168.1.254/24 as mentioned in OP.

It is definately outside of my LAN and I suspect perhaps another client/customer of BT who has set a more open subnet (broadcast?) allowing communication over WAN with my range.

If it is BT's equipment it is odd they would set it to a private address within the class 3 range which is meant for private home networks. Regardless, I do not want this, or any other private IP outside of my private LAN to be able to communicate with my LAN for obvious security reasons.

I've raised with BT and they have escalated to the tech security team and am awaiting response and will report back on here if I get any meaningful explanation or resolution.

It may be that I have to buy a 3rd party router and setup access control, however, this is not completely straight forward due to using BT's Digital Voice. I may have to do some configuration on both BTSH2 and the 3rd Party router so the 3rd party router handles access control / routing, WAP, etc and the BTSH2 simply acts as a modem. Ideally I shouldn't have to do this, but will see what response I get on here and from BT.

0 Ratings
Reply
1,081 Views
Message 4 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

Your concerns are noted and what equipment you run is up to you, of course.    I was only trying to allay your fears.  It is quite possible to run your own network, through you own router inside the SH2.  I’m doing it myself because of DV.

Just to clarify, the notion of class A, B and C relates to the old Classful addressing scheme and is obsolete today.  In both this and modern Classless addressing, 192.168 does not pass through a router onto the internet.  If this did happen on routers it would be a major, major problem.  The address conflicts alone would rapidly bring the internet to a standstill, so I doubt very much that this is from outside of your network.

That having been said, I’ll leave you to it.  As I said, I’m sure someone more knowlegable will pick the thread up.  All the best.

0 Ratings
Reply
1,077 Views
Message 5 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

I can't see how it can possibly be from outside of your LAN.

As @WSH has said, 192.168.xxx.xxx is not routable on the internet.

0 Ratings
Reply
1,051 Views
Message 6 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN


@Sambobwrote:

I know this is a device outside of my LAN as when I unplug power to my router the ping response times out.


A better test would be to simply unplug the ethernet connection to the ONT. That breaks the WAN connection while leaving the LAN intact. I'd wager you can still see/ping the mystery IP, showing it's internal.

Then maybe try entering it into a web browser & see if anything comes up. If not, power your devices off one at a time until it goes away.

0 Ratings
Reply
1,046 Views
Message 7 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

If it's showing up as 192.168.x.y  on a netscan that you're running on a device connected to your hub, then by definition it is inside your LAN - as others have said 192.168.x.y addresses are not routable.  The fact that it's outside your DHCP range simply means that it has been allocated a static IP address on the device itself.

Are you by any chance using powerline adapters?  ISTR a recent thread where there was a suspicion of traffic leakage between neighbouring properties through inductive coupling between adjacent powerline systems.

0 Ratings
Reply
993 Views
Message 8 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

100% outside of my LAN. I suspect it's not on the internet, but within BT's network.

0 Ratings
Reply
988 Views
Message 9 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

The BT BRAS has a private address but is normally in the 172 private range but they might have also used a 192.168 address . What is the hub showing as it's Gateway address?

0 Ratings
Reply
985 Views
Message 10 of 37

Re: PRIVATE IP OUTSIDE OF PRIVATE DHCP SCOPE COMMUNICATING WITH MY LAN

Very good idea.

I unplugged the power to the ONT and the device no longer responded to ping.

Could it be the ONT itself?

0 Ratings
Reply