Hi Ralph
On 08/03/2019 11:12, Ralph Corderoy wrote:
Hi Tim,
then for around 30 minutes in the morning, returning exactly as Cost
Centre #2 left for school.
I was going to mention at the club if it could be your policy rules
interfering. It didn't occur to me it could be them being routed
around. :-)
A few months ago, everything starts being a bit flaky. Sometimes I
can't get a DHCP response from Golux when trying to connect my own
laptop to one Wifi access point, but can do from one of the others. I
have my suspicions, especially as rebooting the router clears the
problem. Suspicions reinforced as flushing the router ARP table also
clears the problem. But can't see anything untoward in the ARP table
contents.
Could #CC2 be switching to your laptop's MAC address?
I think the evidence is that he's switching to Golux's IP address, as I lose
connectivity with Golux from work (over VPN) when he's doing his thing. My
laptop's off/asleep so it's really out of the equation. What I can't explain
though is that I can't contact the router either from work during those times,
and from the logs the router WAN actually goes down. I did suspect at one point
he may be plugging another router into a phone extension socket, but have ruled
that out. Could be down to the router being configured to use Golux as its DNS
server.
7. So, last night, a quick fix of blacklisting CC#2's phone MAC for
Wifi access in all the access points, although longer term will change
this to a whitelist and IP filtering.
How about leaving the mouse to continue his excursions, but see if you
can monitor traffic levels over time by MAC or IP address on the
Draytek. Or if the Draytek doesn't offer that, on Golux, if all traffic
must pass through it to reach the Draytek. That might give a clue as to
what's being spoofed?
Yes, I had that in mind. If it's just the IP address it should be fairly quick
to nail. If it's MAC and IP address, could take a bit of figuring and may be
easier to bring out the thumbscrews :) There's a fair number of devices (20-30)
on the network at any time.
Cheers
Tim
--
Next meeting: BEC, Bournemouth, Tuesday, 2019-04-02 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... http://dorset.lug.org.uk/
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
