Notification

Icon
Error

Asset Radar and external/remote IPs - Why are remote IPs showing up with Asset Radar?

Posted: Tuesday, April 13, 2021 5:25:05 AM(UTC)
gadgetrants

gadgetrants

Member Original PosterPosts: 1
0
Like
Hi all!

I've done the obligatory search and didn't find anything related, so here goes first post:

I have three assets that have shown up via Asset Radar, all apparently Google IPs and hostnames, e.g.:

- Hostname: sfo03s18-in-f14.1e100.net
- IP: 172.217.164.110

Lansweeper has categorized the "devices" as webservers (which I understand from googling can be a default/fallback label) with the model "gws" (lowercase), which I read as "Google WebServer." 😉

I don't understand a few things:

1. How were these "devices" detected? Were they remotely connected to my host machine? There is no evidence that they were connected to my router. So perhaps they are some kind of program or bot that's phoning home from my Lanserver host? If so, why does Asset Radar think it's an external IP if the traffic is originating from my local machine?

2. When I run a scan, Lansweeper "sees" the asset each time (there are three in fact). What does it mean that Lastseen is the latest scan, when there is no evidence of a remote connection to the external IP?

I've done quite a bit of diagnostic testing over the last few days to try and isolate the so-called "rogue devices." Ultimately, I disconnected all machines from my LAN, turned off the WAN, and did a scan from the host machine -- again each of the three external "devices" came up as seen during the scan.

I've also blocked all outbound traffic to the IPs (at the router) and confirmed by failed pings, and yet...wait for it...they all show up during an active scan. Odd. Perhaps I'm confused, but up to this point I'd understood that when a device/IP shows up with a current Lastseen timestamp, that means the device is currently connected (to the host) and can be...you know, scanned. No comprendo.

I'm having a lot of trouble understanding what this result means, in the context of (a) no external connection, (b) no other network device connection (other than the router, which has no WAN), and (c) all other devices and IPs that Lansweeper normally sees (when connected) are limited to my local network.

An option is to delete the Asset Radar entries and see if they show up again from an AR scan. However, I'd like to keep the data live and in the system as I continue to run diagnostics. Rather not delete or export and delete for diagnostic purposes.

Has anyone seen something similar? Any suggestions? I thought perhaps one of the 10,000 smart-home devices I own (many of them Google-related) might be running some kind of server, but running a scan with no WAN or other local devices connected rules that theory out, IIUC what active scanning and seeing/detecting a device actually means.

PS An INTERESTING footnote: I'm running Asuswrt-Merlin on the router and checked out the connection table -- turns out several of my local machines are connected to each of the remote IPs in question. Actually, all of my machines are connected to DOZENS of external IPs of course, so I'm not sure what that proves. However, it suggests that perhaps Asset Radar stumbled on to a few of those "innocent" conversations and miscategorized them? Just a hunch? Is it plausible?

Active Discussions

Lansweeper Using tblO365User report for devices Out of warranty
by  QueryLSTech   Go to last post Go to first unread
Last post: Yesterday at 5:15:37 PM(UTC)
Lansweeper Duplicate assets, random monitor unique keys
by  kloosterd  
Go to last post Go to first unread
Last post: Yesterday at 1:00:34 PM(UTC)
Lansweeper Scanning - nothing appears in the queue
by  LS IT Admins   Go to last post Go to first unread
Last post: Yesterday at 11:08:22 AM(UTC)
Lansweeper Broken scanning of AD
by  LS IT Admins  
Go to last post Go to first unread
Last post: Yesterday at 10:59:35 AM(UTC)
Lansweeper New ticket auto-assignment & default state
by  Brandon   Go to last post Go to first unread
Last post: 5/13/2021 5:21:31 PM(UTC)
Lansweeper Automatic Follow-Up for Tickets
by  Francis Lee Mondia - Endace  
Go to last post Go to first unread
Last post: 5/12/2021 11:06:51 PM(UTC)
Lansweeper Can't see devices on Lansweeper
by  vqT4cDoP9iXyMZwoDUWU   Go to last post Go to first unread
Last post: 5/12/2021 8:33:21 PM(UTC)
Lansweeper LAPS managed password
by  SystemAdmin  
Go to last post Go to first unread
Last post: 5/12/2021 6:08:42 PM(UTC)