I’ve got a device popping up on my wireless that I’m having a hard time identifying. I scanned it with NMAP and it identified itself as a Fortigate Device (see details below). I also tried to hit it with Nessus, but unfortunately whenever I attempt to scan the device for any period of time, it drops off the network. I’ve blocked it from any outbound traffic in my firewall an logging packets (so far none seen). I also created a static DHCP address for the MAC address so when it does come online, it always gets the same IP address. Trying to determine whether I have a wireless interloper or this is a valid device on my network. The MAC address is an odd IEEE registered address. Appreciate any thoughts anyone has. It does have an open HTTP port with a very basic browser page that says something to the effect “this page does not exist” and a link to go “home” which returns you to the same page.
sudo nmap -sS -O xxx.xxx.xxx.xxx
Starting Nmap 7.80 ( https://nmap.org ) at 2021-02-08 09:05 CST
Nmap scan report for xxx.xxx.xxx.xxx
Host is up (0.021s latency).
Not shown: 849 filtered ports, 150 closed ports
PORT STATE SERVICE
80/tcp open http
MAC Address: CC:C2:61:50:0E:7C (Unknown)
Device type: firewall
Running (JUST GUESSING): Fortinet embedded (87%)
OS CPE: cpe:/h:fortinet:fortigate_100d
Aggressive OS guesses: Fortinet FortiGate 100D firewall (87%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop