I've been using the premium OpenDNS at home for several months. Occasionally I get the less than useful "Malware / Botnet Activity" warning. It's less than useful because it's not time stamped, it doesn't show the file, and the IP address in every case is the range of the modem, not an actual device on the network. I use dynamic IPs generated by a wifi hub hooked up to a gig speed modem.
To make matters more interesting, when I switch between my two networks (I have two houses) with same setup, I get a new one from the router at the other house. In both bases the IP range is the range of the network, coming from *two different ISPs*, not the range of what's served up on the local 192.168 etc network. I also use different wifi equiptment on each network, google mesh on one eero on the other.
So three questions for the community
1) Which the Tango Foxtrot is this? Is this just some kind of roving malware coming in from the routers?
2) Is this a device on the network that is not part of the OpenDNS domain? Wouldn't that just show up with a 192.168 address from my hub?
3) Is there any way to isolate the actual machine
Any help appreciated!
Please sign in to leave a comment.