I had been seeing more & more 10.x.x.x addresses blocked in my FW logs hitting the inside interface. The address range on my inside network is 192.168.0.0/24 – so naturally I was concerned & wanted to know what the hell it was.
Digging through firewall logs, I found the MAC address of the offending device. It turned out to be my Wife’s mobile phone. Samsung Galaxy Ace.
What I saw was plenty of connections permitted on the internal address, then a couple blocked on a “random” 10.x.x.x address – followed by more on the internal address.
This cycle repeated for hours on end.
Trojan / Malware / What The ??
Using the MAC address – I checked the Associations to my Wireless Access point:
Sure enough, it turns out that the wireless connection is flapping like crazy. Dropping on & off my wireless network.
It drops off the network, Telstra gives it a private 10.x address.
It gets back on the WLAN, still transmitting on the 10.x until it gets a DHCP lease from my Access Point.
The traffic that it sends onto my wireless LAN while it still has the 10.x address from Telstra is blocked – and reported.
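The same correlation can be scripted. This is an added example, not something from the original post: it groups firewall entries by MAC address and separates devices that alternate between a LAN address and a foreign one (the pattern described above) from devices that only ever send from outside the inside range. The log format, MAC addresses and IP addresses are constructed for illustration; only the 192.168.0.0/24 inside range comes from the post.

```python
import ipaddress
import re
from collections import defaultdict

INSIDE_NET = ipaddress.ip_network("192.168.0.0/24")  # inside range stated in the post

# Constructed sample lines in a made-up format (not a real firewall's syntax).
SAMPLE_LOG = """\
18:00:01 permit src=192.168.0.23 mac=aa:bb:cc:00:00:01 dst=203.0.113.10
18:00:40 deny src=10.44.7.19 mac=aa:bb:cc:00:00:01 dst=203.0.113.10
18:00:41 deny src=10.44.7.19 mac=aa:bb:cc:00:00:01 dst=198.51.100.5
18:00:55 permit src=192.168.0.23 mac=aa:bb:cc:00:00:01 dst=203.0.113.10
18:03:12 deny src=10.91.2.200 mac=aa:bb:cc:00:00:01 dst=203.0.113.10
18:03:30 permit src=192.168.0.23 mac=aa:bb:cc:00:00:01 dst=198.51.100.5
18:04:00 permit src=192.168.0.50 mac=aa:bb:cc:00:00:02 dst=203.0.113.10
18:05:00 deny src=10.1.1.1 mac=aa:bb:cc:00:00:03 dst=203.0.113.10
"""

LINE_RE = re.compile(r"^(\S+) (permit|deny) src=(\S+) mac=(\S+) dst=(\S+)$")


def classify(log_text, inside=INSIDE_NET):
    """Group entries by MAC and label each MAC by its source-address pattern."""
    seen = defaultdict(list)  # mac -> [True if src was inside the LAN range], in log order
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the constructed format
        _, _, src, mac, _ = m.groups()
        seen[mac.lower()].append(ipaddress.ip_address(src) in inside)
    result = {}
    for mac, flags in seen.items():
        # An inside -> outside transition means the device held a LAN address,
        # then came back still sending from a foreign one.
        flips = sum(1 for a, b in zip(flags, flags[1:]) if a and not b)
        if all(flags):
            result[mac] = ("normal", 0)
        elif not any(flags):
            result[mac] = ("foreign-only", 0)  # never seen with a LAN address
        else:
            result[mac] = ("alternating", flips)  # stale address after re-association
    return result


if __name__ == "__main__":
    for mac, (label, flips) in classify(SAMPLE_LOG).items():
        print(mac, label, flips)
```

A MAC labelled "alternating" with a high flip count is worth checking against the access point's association log before treating it as malicious.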
Another mystery solved… now to work out why it's flapping so much – and not behaving like my Samsung Galaxy S2 – Associates once & is done with it (example below when I got home at 6pm)

