It was right after 11 at night when I got the notification that a device had connected to my network. It was reporting to be a liteon device with a hostname of just a bunch of numbers and letters. I was going to bring up my kali linux laptop and see what it was doing but I didn’t want to give it enough time so I just did a quick port scan from my windows machine.

It was listening to ports 25 and 110, so it had a mail server on it. I was thinking maybe some kind of man in the middle attack to read any emails we may send. I haven’t kept up with hacking in a long time ago I wasn’t sure if arp poisoning was still a thing but if it was or something similar I figured it was possible to fool our network into thinking that the new ip was gmail or something. So I blocked the device from the network.

It was also listening to ports 119, 143, 465, 563, 587, 993, and 995.

Our router is an eero btw.

I know most of those other ports also have to do with e-mail services.

So did someone hack into our home network? The password isn’t super easy but it is two dictionary words with multiple numbers at the end which I know isn’t the safest. I am going to change the password to something much more difficult tonight.

I noticed that port 995 was specific to gmail… it also was one of the ports used by that cyclops botnet but from what I understand that was stopped… not that this couldn’t be something new.

Anyway, thought I would make a post here to see what ppl knew about this or if anyone has noticed anything similar connecting to their networks.

Thanks for any info.