holy flapping mobile wireless batman

27 02 2012

I had been seeing more & more 10.x.x.x addresses blocked in my FW logs hitting the inside interface. The address range on my inside network is 192.168.0.0/24 – so naturally I was concerned & wanted to know what the hell it was.

Digging through firewall logs, I found the MAC address of the offending device. It turned out to be my Wife’s mobile phone. Samsung Galaxy Ace.

What I saw was plenty of connections permitted on the internal address, then a couple blocked on a “random” 10.x.x.x address – followed by more on the internal address.

This cycle repeated for hours on end.

Trojan / Malware / What The ??

Using the MAC address – I checked the Assosciations to my Wireless Access point:

Sure enough, it turns out that the wireless connection is flapping like crazy. Dropping on & off my wireless network.

It drops off the network, Telstra gives it a private 10.x address

It get back on the WLAN, still transmitting on the 10.x until it gets a DHCP lease from my Access Point.

The traffic that it sends onto my wireless lan while it still has the 10.x address from Telstra is blocked – and reported.

Another mystery solved…… now to work out why its flapping so much – and not behaving like my Samsung Galaxy S2 – Associates once & is done with it (example below when I got home at 6pm)

Advertisements




Large URL List Processing

9 02 2012

So – a quick detour came to my attention in the form of a list of urls.

These 680 odd urls were neatly formatted in a list, and lets for this excercise say they presented an image.

Now what – copy & paste each one into a browser to see if it works – FAIL.

 

So – using simple cli-fu I verified the URLs were valid & then created a page, embedding them all in there.

First – run your list through wget to verify its valid & working

# wget –spider -i urls.txt -T 2 -t 1 -nv -o urls.out

Then just grep for the HTTP 200 OK string out of urls.out

# grep “200 OK” urls.out > urls.out.httpok

Then tack on the html code so you can browse them all at once

# cat urls.httpok | awk ‘{print “\<img width=\”200px\” src=\””$4″\”\ />”}’ > urls.htm

Then simply fire it up in your favourite browser

# firefox urls.htm