# Strange, unknown devices on my network



## Scoobysnack

So today while trying to set up a shared folder on my network, I noticed some unknown devices under the "network" section on file explorer (Windows 10). They would appear then disappear shortly after, 3 devices in total, a wifi extender, a cell phone, and an amazon tablet. At this point I'm thinking there are intruders on my network and log onto my router to change the wifi password. Turns out the login credentials for the router are the default "admin,admin" which is strange because I always change this when I buy a new router (set this one up 4 months ago). Not sure what happened there, most likely I just screwed up and forgot to change it.

I proceeded to change the router login/password, change the network SSID, and change the network password. Now when I check my network devices, there are still unknown devices appearing and disappearing. I should also mention that none of these devices show up in the router IP/MAC address log.

Now, I did some reading and it seems that this can simply be nearby devices "scanning" for a wifi network but not actually connecting to my network. Is this what's happening? Sorry if this is a dumb question haha. I just want to make sure someone isnt stealing my connection and/or I dont have malware installed.

Any input is much appreciated


----------



## Duality92

Quote:


> Originally Posted by *Scoobysnack*
> 
> So today while trying to set up a shared folder on my network, I noticed some unknown devices under the "network" section on file explorer (Windows 10). They would appear then disappear shortly after, 3 devices in total, a wifi extender, a cell phone, and an amazon tablet. At this point I'm thinking there are intruders on my network and log onto my router to change the wifi password. Turns out the login credentials for the router are the default "admin,admin" which is strange because I always change this when I buy a new router (set this one up 4 months ago). Not sure what happened there, most likely I just screwed up and forgot to change it.
> 
> I proceeded to change the router login/password, change the network SSID, and change the network password. Now when I check my network devices, there are still unknown devices appearing and disappearing. I should also mention that none of these devices show up in the router IP/MAC address log.
> 
> Now I did some reading and it seems that this can simply be nearby devices "scanning" for a wifi network but not actually connecting to my network. Is this what's happening? Sorry if this is a dumb question haha. I just want to make sure someone isnt stealing my connection and/or I dont have malware installed.
> 
> Any input is much appreciated


I'm not too savvy, but if they're connected, you should see them under the DCHP list on your router, if they're not there, they shouldn't have access to any of your bandwidth.


----------



## NexusRed

Post a pic if you can.


----------



## mmonnin

Do you have a guest network?


----------



## Scoobysnack

Quote:


> Originally Posted by *Duality92*
> 
> I'm not too savvy, but if they're connected, you should see them under the DCHP list on your router, if they're not there, they shouldn't have access to any of your bandwidth.


I see. They do NOT show up on the DCHP list, only the known devices in my network do.
Quote:


> Originally Posted by *NexusRed*
> 
> Post a pic if you can.


Here's a screenshot I took earlier, the unknown device being "full_ford"


Quote:


> Originally Posted by *mmonnin*
> 
> Do you have a guest network?


Not that I'm aware of. How can I find out? As far as I know, all devices need the network password to access it.


----------



## kyfire

Googleing that model number shown (KFFOWI) comes up with an Android device made by Amazon. My guess is it's an Amazon Fire or Kindle. Got any of those in your home?


----------



## Scoobysnack

Quote:


> Originally Posted by *kyfire*
> 
> Googleing that model number shown (KFFOWI) comes up with an Android device made by Amazon. My guess is it's an Amazon Fire or Kindle. Got any of those in your home?


Nope. There are also various smartphones appearing and disappearing, none of which are ours.


----------



## MrTOOSHORT

I just checked mine and smart phones are appearing and disappearing too.


----------



## mmonnin

The guest network setup can be found in the router setup.

These are probably people driving by and their Wifi is finding your broadcast.


----------



## Scoobysnack

Quote:


> Originally Posted by *mmonnin*
> 
> The guest network setup can be found in the router setup.
> 
> These are probably people driving by and their Wifi is finding your broadcast.


I think you might be right

Here's a thread I was reading about a similar issue: http://www.tomshardware.co.uk/answers/id-1668867/network-hacked.html

Specifically:
Quote:


> Any device can try to 'access' the network by first 'listening' for wireless signals like a radio listens for radios stations. In this case the phone (a neighbor) has WIFI turned 'ON' so it automatically looks for WIFI instead of using cellular minutes. Your wireless and extender are broadcasting "BOBSWIFI", so the phone tries to automatically tune in BOBSWIFI, but then when the phone and wifi/extender talk, your network says "PASSWORD!" and the phone goes "Huh?" and that is it. So it doesn't get 'IN' your network.


----------



## MrTOOSHORT

That seems logical to me as the phones show up and then disappear within 20 seconds or so.


----------



## Scoobysnack

Quote:


> Originally Posted by *MrTOOSHORT*
> 
> That seems logical to me as the phones show up and then disappear within 20 seconds or so.


I think that might very well be what's happening, helps to know I'm not the only one experiencing this


----------



## rvbarton

I'm having this same issue. I see a computer showing up named "Full_Ford", and it lasts for about 30 seconds. I've taken the MAC address and cannot find it in my router's list of known devices. Not knowing what this was, I changed my wifi passkey to something that is VERY strong, 12 characters, with a various mix of special keys and numbers, blah blah blah. I also disabled my guest network.

This morning I got up and saw the same thing again. the description shows it as an Amazon item, model #KFFOWI. Google search shows it as being a tablet, although I have no Amazon tablets.

Thoughts?


----------



## mmonnin

Can you block the MAC address?


----------



## rvbarton

of course I could, but I'd rather figure out what it is exactly. Can't be a hacker, or at least I'm reasonably sure its not. No way they could have deciphered my password that quickly.


----------



## kennyanderson

From what I have found, full_ford is related to the amazon fire stick/fire tv as well as amazon tablets


----------



## heuristik

I, too, am experiencing this odd issue. The device changes from reporting itself as an Amazon fire late model to a fire phone, always Amazon. 

I definitely do not own this device, and have just moved to a new house, rebuilt my LAN, replaced my WiFi Router, and the device is still here. ***?

I should also add the device is not picking up an IP address, it's MAC doesn't appear in any of the AP or Firewall Syslogs.


----------



## Berkshire Bugsy

I have noticed this since I bought an Android MXQ box which is connected to my network. I've also bought a wireless keyboard which is connected to the MXQ so it may be that. I suspect it is the MXQ box


----------



## taskrov

I see the same on my router, and it is probably the Amazon app installed on the Samsung (or other smart) TV that is emulating a Fire Stick.


----------



## Hiroshi

Hello, I am a Japanese. full_ford icon appear also on my network.
It seems that Microsoft says WPS often shows icons of devices which are searching access points.
(http://www.firstreview.jp/2013/08/869/ Note: in Japanese)

But, I don't think young persons who have Amazon tablets don't live near my house. so it's very strange.
I could block the mac address, but I want to know what they are doing in my network.
Is there any new information?


----------



## gjperks

Hi all, first post and I'm glad it's a question I can answer. I had the same issue with mine when I would login so I called my ISP and they told me that their routers for my particular router anyway, has what's called a hotspot in it. This allows other users to log into the internet using my router while they are roaming or traveling away from their home but it does not get into my personal Network. I believe this option is turned on by default by the isps, but I turned mine off by going to my routers homepage and found the option to turn the hotspot off. I have a tc8717c which was provided by my ISP. If you Google the manual for your particular router you should be able to find out if it has a hotspot or not. Also you can call your ISP. I hope this helps some of you out there. please let me know, thanks


----------



## gjperks

My list shows all my neighbors so I'm sure all my neighbors have me on their list also. I still do have an unknown device on my list. I believe that maybe the hot spot I have yet to figure that part out


----------



## gjperks

I'm sorry not unknown device hidden device. Any answers to that one would be appreciated, thanks.


----------



## Master__Shake

turn off wps on your router.

i had some guys printer in my network folder when i moved in to my new house.

drove me nuts thinking that i had this strangers printer on my network.

turned of wps and it was gone forever.

or install dd-wrt on your router it doesn't even have wps as an option.


----------



## MrKoala

Those are NOT "drive-by" devices trying to connect.

Your Windows operation system doesn't see the physical device or their MACs, it only sees what the router delivers. If an unwanted device, assuming one does exist, tries to connect to your router but doesn't make it pass the authentication, it will not be given a valid IP on your network and your Windows simply can't receive any data from it. If you see anything, something is already in.


----------



## electro2u

Is this relevant? When I go to Network nothing displays because I don't have these options checked.


----------



## MrKoala

Yes. When network discovery is off the OS won't try to find and display unknown devices. This doesn't mean they don't exist on the LAN, just not detected.


----------



## electro2u

Quote:


> Originally Posted by *MrKoala*
> 
> Yes. When network discovery is off the OS won't try to find and display unknown devices. This doesn't mean they don't exist on the LAN, just not detected.


I think you are right. I enabled OS discovery (I don't understand these things very well). And after a minute or so an LG phone popped up. I was sort of puzzled, but I went to my router's IP address and poked around looking for WPS and sure enough it was enabled, disabled it and the phone went poof.


----------



## redsox83381

I'd be doubtful that they are devices on your guest network. Any decent router puts the guest network in a separate subnet, segregated from your home network. Windows only does device discovery on your local subnet.


----------



## spinFX

Quote:


> Originally Posted by *Hiroshi*
> 
> Hello, I am a Japanese. full_ford icon appear also on my network.
> It seems that Microsoft says WPS often shows icons of devices which are searching access points.
> (http://www.firstreview.jp/2013/08/869/ Note: in Japanese)
> 
> But, I don't think young persons who have Amazon tablets don't live near my house. so it's very strange.
> I could block the mac address, *but I want to know what they are doing in my network.*
> Is there any new information?


If you block the mac address (or use ACL to only allow devices you specify to have access to the wifi network), you know exactly what they are doing on your network: *Nothing.*
If someone really is accessing your network, it is most likely their activities are malicious, unless your wifi is completely open, and people can connect accidentally.
I have always had ACL setup on my wifi router, it's much easier to only allow who you want, and if they are persistent enough to spoof a mac address on my network, well I guess they can use my internet connection for a bit and browse my housemates computer (can't view any of my shares without a password).

One thing I was thinking, could this have anything to do with Windows10 feature of sharing your Wifi password with anyone in your hotmail, outlook or facebook contact list?
(if you don't name your network _optout then it is automatically shared). Perhaps it's people you know on facebook driving close enough to your house to get a connection for a second? Bit of a long shot though.


----------



## McFrisch

Was having the same quandary about "full_ford". I believe it is Alexa (an Amazon Device). Doesn't work properly if blocked.


----------



## thompsan

Also noticed strange units in my network such as a sony phone and units without names just icons.
Most had a mac address but no other useful information.
Disabled WPS in the router and sure enough they all disappeared.
My guess (hope) is that they were never really inside of the network but were visible due to the WPS functionality.


----------



## areamike

Mine is called "full_biscuit"

/necro


----------



## stephenn82

I am getting one of these now...after I switched to a newer router, an R7800 Netgear X4S. Not sure why its showing up...sorry for 1 year old thread revive...but doesnt look like it was ever answered with reason of what and why its there.


----------



## Khulani1

*UNKNOWN DEVICES!*



Scoobysnack said:


> Quote:
> 
> 
> 
> Originally Posted by *Duality92*
> 
> I'm not too savvy, but if they're connected, you should see them under the DCHP list on your router, if they're not there, they shouldn't have access to any of your bandwidth.
> 
> 
> 
> I see. They do NOT show up on the DCHP list, only the known devices in my network do.
> Quote:
> 
> 
> 
> Originally Posted by *NexusRed*
> 
> Post a pic if you can.
> 
> Click to expand...
> 
> Here's a screenshot I took earlier, the unknown device being "full_ford"
> 
> 
> Quote:
> 
> 
> 
> Originally Posted by *mmonnin*
> 
> Do you have a guest network?
> 
> Click to expand...
> 
> Not that I'm aware of. How can I find out? As far as I know, all devices need the network password to access it.
Click to expand...

are you based in the UK? I am experiencing the exact same thing as you mentioned, with the exact same devices showing up ''EXACTLY'' THE SAME!! if you live in a neighbor watch area, you are probably being hacked!

if you access you wireless router by going to network - right click on you router - properties - then device web page

you will find a list of connected devices, if your router is encrypted with a password then you have most likely been hacked!


----------



## wilykat

Make network invisible, require user to know the SSID to even access the network. This should provide additional layer of protection on top of your standard encryption password such as wpa2.


----------



## Albhis

*Kffowi? what?*

I have a similar problem. A kffowi device supposedly keeps using my email account... WHAT IS A KFFOWI?!


----------



## KarathKasun

wilykat said:


> Make network invisible, require user to know the SSID to even access the network. This should provide additional layer of protection on top of your standard encryption password such as wpa2.


This is not actual security, the SSID is still broadcast over the air, its just slightly more difficult to find.

WPS should always be disabled, it is a major security hole.

WiFi in general is a major security hole and should ALWAYS be seen as a hostile network. If you have media servers that serve WiFi clients, they need to be on a WiFi specific DMZ and there needs to be a firewall between the WiFi and wired networks.


----------



## Techie007

Scoobysnack said:


> Quote: Originally Posted by *mmonnin*
> 
> The guest network setup can be found in the router setup.
> 
> These are probably people driving by and their Wifi is finding your broadcast.
> 
> 
> I think you might be right
> 
> Here's a thread I was reading about a similar issue: http://www.tomshardware.co.uk/answers/id-1668867/network-hacked.html
> 
> Specifically: Quote: Any device can try to 'access' the network by first 'listening' for wireless signals like a radio listens for radios stations. In this case the phone (a neighbor) has WIFI turned 'ON' so it automatically looks for WIFI instead of using cellular minutes. Your wireless and extender are broadcasting "BOBSWIFI", so the phone tries to automatically tune in BOBSWIFI, but then when the phone and wifi/extender talk, your network says "PASSWORD!" and the phone goes "Huh?" and that is it. So it doesn't get 'IN' your network.


    No way—that's not how it works!  For one, guest networks are purposely isolated from the main network, so none of those devices would be showing up from "across the fence".  Additionally, on a password protected WiFi network, all the data packets are encrypted at the network layer, Layer 3.  This means that the only thing visible to a non-authenticated device are the MAC addresses of all the communicating devices on the network, who's communicating with who, the size of the data packets, and the BEACON packets that broadcast the name and capabilities of your network.  But for a device to appear to appear on the network with a name, it has to be broadcasting DHCP, DNS, LLMNR or WDS data to your network at the application layer, Layer 7.  And to do so, it would have to be fully authenticated (decrypted) on your network; otherwise, your router and connected devices wouldn't be able to interpret (decrypt) any of the packets received from the rogue device.
    The only place where the above could happen is on the router (or access point) itself, and the only identification the rogue device would have would be its MAC address, and it would only show up on the network for a few seconds at a time before dropping off, unable to authenticate.  But most routers' device lists are based on the DHCP table, and so such devices would never show up anywhere.  Routers running Tomato firmware are an exception to this rule, as their device list is based on DHCP, ARP and WL, the last of which can see devices trying to associate to the network.

    Now, on to what's actually happening: Microsoft has added a "feature" to Windows called *Connect Now*, which partners with WPS on your router to gather information about devices that are, and have been, in the area.  It then lists these "discovered" devices in your File Explorer.  How this system is actually supposed to be useful in the real world, or why somebody thought it would be a good idea, I don't even begin to comprehend.  But, I do know that WPS is a huge security vulnerability because it reduces your WiFi password to an easily crackable PIN.  And some router firmwares don't even implement the hashing double-challenge system correctly, which means an attacker could trick the router into giving up (or eliminating the possibility of) parts of the PIN.
    How to tell if the device is actually on your network?  Right-click the rogue device and click *Properties*.  If it has an IP address, it's on your network.  If it only has a MAC address, it was discovered outside your network by WPS on your router.
    To fix these issues, do two things: Go into your router's settings and disable WPS (Wireless Protected Setup), and open *Computer Management* -> *Services* on your PC and disable the *Windows Connect Now* service.  After executing these two steps, your WiFi password will be much harder to compromise, and devices that aren't actually on your network will no longer show up in File Explorer.


----------

