Could what I see be a component of bad UPnP?

On Mon, Feb 27, 2017 at 4:25 PM, Jesse DuPont <[email protected]> wrote:
> There isn't really anything that does what you want other than looking at
> packets. Your best bet will be to capture and then filter just ARP packets
> or just DHCP server packets (UDP, source-port 67) to find rogue DHCP
> servers. It's a start.
>
> *Jesse DuPont*
> Network Architect
> email: [email protected]
> Celerity Networks LLC
> Celerity Broadband LLC
>
> On 2/27/17 3:18 PM, That One Guy /sarcasm wrote:
>
> I'm mainly looking for IP space that shouldn't be present, DHCP or not.
> I can packet sniff and exclude all configured subnets on that bridge, but
> it's a pain.
> I didn't know if there was an ARP monitor or something along those lines,
> collecting gratuitous ARPs or something like that.
>
> I see a lot of false 192.168.1.1 when I stick that subnet on the interface;
> it doesn't respond and oftentimes has the customer IP ARP listed as well.
> Sometimes it's the same MAC, sometimes it's one digit off, like a reboot
> cycling up in switch then into router mode during boot cycle. I see it a lot
> with Netgear MACs.
>
> A lot of times the 192.168.1.1 is persistent even though it's not responding
> or otherwise apparently even active.
>
> On Mon, Feb 27, 2017 at 4:04 PM, Adam Moffett <[email protected]> wrote:
>
>> Oh? I never noticed that feature.
>>
>> If you get the offender's MAC address it should be trivial to find them
>> at that point. That's really all you need.
>>
>> ------ Original Message ------
>> From: "Dennis Burgess" <[email protected]>
>> To: "[email protected]" <[email protected]>
>> Sent: 2/27/2017 5:01:12 PM
>> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> MikroTik does have a DHCP alert detection as well. It will not detect
>> the DHCP server on the router. It will give you basic information such as
>> MAC address etc., but really doesn't help you too much. But neither will
>> turning a DHCP client on.
>> You have to find where that client is and turn them off.
>>
>> *Dennis Burgess* – Network Solution Engineer – Consultant
>> MikroTik Certified Trainer/Consultant
>> <http://www.linktechs.net/productcart/pc/viewcontent.asp?idpage=5> –
>> MTCNA, MTCRE, MTCWE, MTCTCE, MTCINE
>> For Wireless Hardware/Routers visit www.linktechs.net
>> Radio Frequency Coverages: www.towercoverage.com
>> Office: 314-735-0270
>> E-Mail: [email protected]
>>
>> *From:* Af [mailto:[email protected]] *On Behalf Of* Dennis Burgess
>> *Sent:* Monday, February 27, 2017 3:59 PM
>> *To:* [email protected]
>> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> Switch can do it too, port isolation! Lol note, not a dumb switch
>> though. Nettoix I believe does it.
>>
>> *From:* Af [mailto:[email protected]] *On Behalf Of* Adam Moffett
>> *Sent:* Monday, February 27, 2017 3:57 PM
>> *To:* [email protected]
>> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> Only on two different router interfaces. If they're on a switch, then no.
>>
>> I think Dennis may be referring to how you should ideally have things
>> configured, and I think you're talking specifically about the feature in
>> Canopy equipment labeled "SM Isolation".
>>
>> Ideally, yeah you should make it so one customer can't break everyone.
>> That's a multi-faceted thing and SM Isolation is one component of it.
>>
>> If you're looking specifically for a router plugged in backwards, add a
>> DHCP-client to the interface facing the AP, and (*critical*) uncheck the
>> boxes for "add default route" and "add peer DNS". That might be the kind
>> of quick, simple test you're hoping for.
>>
>> ------ Original Message ------
>> From: "That One Guy /sarcasm" <[email protected]>
>> To: "[email protected]" <[email protected]>
>> Sent: 2/27/2017 4:42:02 PM
>> Subject: Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> Clients on two different access points will be blocked by client isolation?
>>
>> On Mon, Feb 27, 2017 at 3:35 PM, Dennis Burgess <[email protected]> wrote:
>>
>> There is no reason why it would and should not. :) You can easily
>> allow the one offs …
>>
>> *From:* Af [mailto:[email protected]] *On Behalf Of* That One Guy /sarcasm
>> *Sent:* Monday, February 27, 2017 1:13 PM
>> *To:* [email protected]
>> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> A. we have some locations where we don't use client isolation and B. client
>> isolation doesn't apply to two access points as far as I know
>>
>> On Mon, Feb 27, 2017 at 12:42 PM, Dennis Burgess <[email protected]> wrote:
>>
>> Your client isolation should take care of that. FYI.
>>
>> *From:* Af [mailto:[email protected]] *On Behalf Of* That One Guy /sarcasm
>> *Sent:* Monday, February 27, 2017 12:42 PM
>> *To:* [email protected]
>> *Subject:* Re: [AFMUG] Mikrotik quick view for unknown subnets
>>
>> I wasn't clear, I was actually looking for rogue subnets in general.
>>
>> Another issue example is that a customer with some time clocks recently
>> had a slick tech put a switch in before the router at multiple locations
>> from the same site, different APs. We bridge the APs at the POP, so they
>> were directly communicating.
>>
>> On Mon, Feb 27, 2017 at 12:33 PM, Faisal Imtiaz <[email protected]> wrote:
>>
>> You might find this useful.
>>
>> https://forum.mikrotik.com/viewtopic.php?t=23640
>>
>> Regards.
>>
>> Faisal Imtiaz
>> Snappy Internet & Telecom
>> 7266 SW 48 Street
>> Miami, FL 33155
>> Tel: 305 663 5518 x 232
>> Help-desk: (305)663-5518 Option 2 or Email: [email protected]
>>
>> ------------------------------
>> *From:* "That One Guy /sarcasm" <[email protected]>
>> *To:* [email protected]
>> *Sent:* Monday, February 27, 2017 11:34:59 AM
>> *Subject:* [AFMUG] Mikrotik quick view for unknown subnets
>>
>> If, for example, a customer has a router connected backward, is there an
>> ARP(ish) check aside from packet sniffing to see this, since it's not a
>> subnet on the interface and there won't be an ARP entry?
>>
>> --
>> If you only see yourself as part of the team but you don't see your team
>> as part of yourself you have already failed as part of the team.
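
The capture-and-filter approach suggested in the thread (keep only ARP and DHCP server packets with UDP source port 67, then exclude every subnet configured on the bridge) can be automated. The following is an added example, not code from any list member or from MikroTik; `find_rogue`, the 10.20.0.0/22 subnet and the MAC addresses are constructed for illustration, and it assumes untagged Ethernet frames (no 802.1Q header).

```python
import ipaddress
import struct

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def find_rogue(frames, known_subnets, dhcp_servers=()):
    """Return sorted (kind, mac, ip) findings from raw Ethernet frames."""
    nets = [ipaddress.ip_network(n) for n in known_subnets]
    allowed = {ipaddress.ip_address(s) for s in dhcp_servers}
    found = set()
    for f in frames:
        if len(f) < 14:
            continue  # truncated Ethernet header
        etype = struct.unpack("!H", f[12:14])[0]
        if etype == 0x0806 and len(f) >= 42:  # ARP for IPv4 over Ethernet
            sha, spa = f[22:28], ipaddress.ip_address(f[28:32])
            # Sender 0.0.0.0 is an ARP probe, not a claimed address.
            if int(spa) and not any(spa in n for n in nets):
                found.add(("unknown-subnet", mac_str(sha), str(spa)))
        elif etype == 0x0800 and len(f) >= 34:  # IPv4
            udp = 14 + (f[14] & 0x0F) * 4  # honour IP header options
            frag = struct.unpack("!H", f[20:22])[0] & 0x1FFF
            if f[23] != 17 or frag or len(f) < udp + 8:
                continue  # not UDP, or no UDP header in this fragment
            sport = struct.unpack("!H", f[udp:udp + 2])[0]
            src = ipaddress.ip_address(f[26:30])
            if sport == 67 and src not in allowed:  # DHCP server traffic
                found.add(("rogue-dhcp", mac_str(f[6:12]), str(src)))
    return sorted(found)

# --- constructed sample frames (not from a real capture) ---
def _mac(m):
    return bytes.fromhex(m.replace(":", ""))

def arp_frame(mac, ip):
    ipb = ipaddress.ip_address(ip).packed
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + _mac(mac) + ipb + bytes(6) + ipb
    return b"\xff" * 6 + _mac(mac) + b"\x08\x06" + body

def dhcp_frame(mac, ip):
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                      ipaddress.ip_address(ip).packed, b"\xff" * 4)
    return b"\xff" * 6 + _mac(mac) + b"\x08\x00" + iph + struct.pack("!HHHH", 67, 68, 8, 0)

SAMPLE = [arp_frame("02:00:00:00:00:10", "10.20.0.57"), arp_frame("02:00:00:00:00:aa", "192.168.1.1"),
          arp_frame("02:00:00:00:00:11", "0.0.0.0"), dhcp_frame("02:00:00:00:00:01", "10.20.0.1"),
          dhcp_frame("02:00:00:00:00:aa", "192.168.1.1"), b"\x00" * 10]

if __name__ == "__main__":
    for finding in find_rogue(SAMPLE, ["10.20.0.0/22"], ["10.20.0.1"]):
        print(*finding)
```

Each finding carries the source MAC, which is the value the thread says is needed to track the offending device down.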
