Ghost Sophos host on network

Post Reply
davotoula
Posts: 11
Joined: Fri Feb 24, 2012 2:46 pm

Ghost Sophos host on network

Post by davotoula »

Hello all, during a recent nmap scan of my home network there is an unknown device being reported on IP one above my current DHCP range.

The unknown device is being reported with same MAC address as my billion device.

Does the Billion 7800N include some kind of Sophos software for security or am I going crazy?

Code: Select all

Starting Nmap 7.12 ( https://nmap.org ) at 2016-07-29 17:14 BST
Nmap scan report for 192.168.xxx.xxx
Host is up (0.0093s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE    VERSION
8192/tcp open  sophos     Sophos Message Router (Interroperable Object Reference Service)
8193/tcp open  tcpwrapped
8194/tcp open  ssl/giop   omg.org CORBA naming service
| ssl-cert: Subject: commonName=Router$xxxxx:180870
| Not valid before: 2016-06-05T08:35:17
|_Not valid after:  2036-06-01T08:35:17
MAC Address: 00:04:ED:xx:xx:xx (Billion Electric)
Device type: media device
Running: Apple Apple TV 5.X
OS CPE: cpe:/a:apple:apple_tv:5.2.1 cpe:/a:apple:apple_tv:5.3
OS details: Apple TV 5.2.1 or 5.3
Network Distance: 1 hop
I can telnet to the port 8194 but get kicked out after 2 commands... could not find any documentation on what to do from the command prompt.

thank you
davotoula
Posts: 11
Joined: Fri Feb 24, 2012 2:46 pm

Re: Ghost Sophos host on network

Post by davotoula »

Well that's embarrassing. Turns out it was my own device that I was doing the scan from.

The .151 should have made it obvious as it's the start of the VPN device ip range.

I was logged in to the home network remotely over vpn!

It's the mac address that confused me. I guess that all devices on vpn use the router mac to get routed correctly?

All is well.... :D
Post Reply