holy flapping mobile wireless batman

27 02 2012

I had been seeing more & more 10.x.x.x addresses blocked in my FW logs hitting the inside interface. The address range on my inside network is 192.168.0.0/24 – so naturally I was concerned & wanted to know what the hell it was.

Digging through firewall logs, I found the MAC address of the offending device. It turned out to be my Wife’s mobile phone. Samsung Galaxy Ace.

What I saw was plenty of connections permitted on the internal address, then a couple blocked on a “random” 10.x.x.x address – followed by more on the internal address.

This cycle repeated for hours on end.

Trojan / Malware / What The ??

Using the MAC address – I checked the Assosciations to my Wireless Access point:

Sure enough, it turns out that the wireless connection is flapping like crazy. Dropping on & off my wireless network.

It drops off the network, Telstra gives it a private 10.x address

It get back on the WLAN, still transmitting on the 10.x until it gets a DHCP lease from my Access Point.

The traffic that it sends onto my wireless lan while it still has the 10.x address from Telstra is blocked – and reported.

Another mystery solved…… now to work out why its flapping so much – and not behaving like my Samsung Galaxy S2 – Associates once & is done with it (example below when I got home at 6pm)

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: