Netgate Discussion Forum

    Odd DHCP lease entry

    DHCP and DNS
    • provelsP
      provels
      last edited by provels

      Anyone ever see anything like this? My lease time is one day.
      Hacked? Malware?
      dd837fef-c051-4cab-a5fe-8f7d7d1bcf61-image.png

      Peder

      MAIN - pfSense+ 24.11-RELEASE - Adlink MXE-5401, i7, 16 GB RAM, 64 GB SSD. 500 GB HDD for SyslogNG
      BACKUP - pfSense+ 23.01-RELEASE - Hyper-V Virtual Machine, Gen 1, 2 v-CPUs, 3 GB RAM, 8GB VHDX (Dynamic)

      • johnpozJ
        johnpoz LAYER 8 Global Moderator @provels
        last edited by

        What device is using that mac? Do you know?

        You can set any mac address you want.. Anything that is not all zeros would really be viable mac address I would think.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • provelsP
          provels @johnpoz
          last edited by

          @johnpoz
          Unknown device and Offline, MAC lookup at MAC sites results in error (which figures). I never manually set or cloned a MAC, and had never had leases set to not expire. Neighborhood hacker jumping on my Wi-Fi? That's the only place I use DHCP.

          • johnpozJ
            johnpoz LAYER 8 Global Moderator @provels
            last edited by johnpoz

            So you're saying it's wireless connection? What wireless are you running? Unifi for example I can see what ap connected to, when, what traffic it's moving..

            It could have just been a glitch in assigning the lease, etc. Or device sending a bogus mac - for something to access your wifi it would have to know the psk..

            Change it ;) see what stops working ;)

            Neighborhood hacker jumping on my Wi-Fi?

            What is your psk P@55w0rd! ?? The odds of some neighborhood hacker breaking your actual secure psk is pretty freaking low.. Even my guest PSK is 20 characters mixed Caps, Lower, Numbers and Specials.. Which is why I have QR code printed out on business cards for guests to scan ;)

            • provelsP
              provels @johnpoz
              last edited by provels

              @johnpoz
              It's an old Buffalo (2008) 54Mb with DD-WRT, WPA-2, AES (PSK n/a) used for phones and laptop. Anything else is static. OK, will just delete it and see what happens. Thanks for the help. If it suddenly pops up again, I think I'll just go static addressing. Will post if anything changes. Thanks again, have a great holiday!

              • johnpozJ
                johnpoz LAYER 8 Global Moderator @provels
                last edited by

                It could be something glitched as well - Have seen reports of say TVs wifi mac addresses going all funky etc..

                I would make sure you delete the lease.. Yeah change your psk, and then see if any of your devices lose their connection..

                But again unless you're using something like wep or open.. And you actually have a secure WPA2 psk setup - it's unlikely the kid next door hacked your wifi ;)

                • provelsP
                  provels @johnpoz
                  last edited by

                  @johnpoz said in Odd DHCP lease entry:

                  WPA2 psk

                  Is AES OK?

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator @provels
                    last edited by

                    Yea wpa2 psk should default to AES/CCMP only.. vs possible deprecated tkip..

                    • provelsP
                      provels @johnpoz
                      last edited by

                      @johnpoz
                      Thanks, that's what I have.

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator @provels
                        last edited by johnpoz

                        Is your actual psk secure.. Something closer to 33S^vHwFGMce6FStGOXk vs P@55w0rd! ;)

                        @johnpoz
                        It's an old Buffalo (2008) 54Mb with DD-WRT

                        So you're only running G for wireless? ugggh ;)

                        • provelsP
                          provels @johnpoz
                          last edited by provels

                          @johnpoz
                          It's a 26 character phrase (and not ABCD...Z!)

                          Do I really need gig throughput to read my mail? :)

                          One man show. I mostly RDP to my basement network which is gig. The Buffalo switch is 10/100 so my main floor hardwired has 100. If interested I can give an inventory of my antiques...

                          On another topic, if you would care to look at this post, I'd appreciate any input. I'm all kinds of trouble today! :)
                          https://forum.netgate.com/topic/159371/traffic-shaping-not-honored
                          Thanks again for your help.

                          • R
                            Rod-It
                            last edited by

                            Any IOS14 devices using private mac?

                            Disable it if so and see if the issue goes away.

                            • provelsP
                              provels @Rod-It
                              last edited by

                              @rod-it
                              Thanks for the reply, but no. I had plugged in a new streamer device on 12/23 that had a mfg date of 11/13, but the lease was 12/13. ¯\_(ツ)_/¯ I have deleted and will observe. Thanks again.

                              • R
                                Rod-It
                                last edited by

                                Does ping -a 192.168.0.103 give you anything, perhaps a name or brand was cached that might help you?

                                Whatever it is, you're not alone, it's been posted many times over the years, and on multiple forums.

                                https://forum.netgate.com/topic/43720/mac-address-00-ab-00-00-00-00/

                                A few people suggest this is some type of IoT based device with cheap network kit where the mac is spoofed to whatever they want it to be, other people say it's bootp.

                                Are you running your ISP's modem in bridged mode, could it be this?

                                • provelsP
                                  provels @Rod-It
                                  last edited by provels

                                  @rod-it
                                  No, no reply. I have my own modem, so I don't think so. Thanks for the link. Maybe it's my TV or a laptop I rebuilt for a friend. ¯\_(ツ)_/¯

                                  • R
                                    Rod-It
                                    last edited by

                                    I'd probably do as suggested on that other thread, set it to a DHCP reservation for that mac, then create a firewall block rule for the IP. Keep an eye on the states for that rule, look into it if anything is shown and that may give you a clue - or when you realise something is no longer working.

                                    I hope you find the culprit though

                                    • provelsP
                                      provels @Rod-It
                                      last edited by

                                      @rod-it
                                      Appreciate the support. Thanks!

                                      • JKnottJ
                                        JKnott @johnpoz
                                        last edited by

                                        @johnpoz said in Odd DHCP lease entry:

                                        Anything that is not all zeros would really be viable mac address I would think.

                                        You might want to avoid multicast MAC addresses. Those are any with the least significant bit of the first octet. That would also include the broadcast MAC of all 1s.

                                        PfSense running on Qotom mini PC
                                        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                        UniFi AC-Lite access point

                                        I haven't lost my mind. It's around here...somewhere...

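Added example, not written by any poster in this thread: a small triage helper that applies the MAC address checks discussed above (all zeros, broadcast, the multicast bit, and the locally administered bit that private or randomized MACs set) to a DHCP lease list. The function names and lease rows are constructed for illustration, and the `zero-device-id` flag is an added heuristic; only `00:ab:00:00:00:00` comes from the page, from the title of the linked thread.

```python
import re

ZERO, BROADCAST = bytes(6), b"\xff" * 6

# Constructed lease rows (IP, MAC); only 00:ab:00:00:00:00 comes from the page,
# where it appears in the title of the linked older thread.
SAMPLE_LEASES = [
    ("192.168.1.20", "00:ab:00:00:00:00"),
    ("192.168.1.21", "3c:22:fb:10:9a:41"),  # both flag bits clear
    ("192.168.1.22", "da:a1:19:4c:07:e2"),  # locally administered bit set
    ("192.168.1.23", "01:00:5e:00:00:fb"),  # group (multicast) bit set
    ("192.168.1.24", "ff-ff-ff-ff-ff-ff"),  # broadcast, all 1s
    ("192.168.1.25", "00:00:00:00:00:00"),  # all zeros
]


def parse_mac(text):
    """Accept colon, dash or dot separated 48-bit MACs and return 6 bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC: {text!r}")
    return bytes.fromhex(digits)


def classify_mac(text):
    """Return the flags that make a lease's MAC worth a second look."""
    mac = parse_mac(text)
    if mac == ZERO:
        return ["all-zero"]
    if mac == BROADCAST:
        return ["broadcast"]
    flags = []
    if mac[0] & 0x01:  # I/G bit: least significant bit of the first octet
        flags.append("multicast")
    if mac[0] & 0x02:  # U/L bit: set on private or randomized MACs
        flags.append("locally-administered")
    if mac[3:] == bytes(3):  # added heuristic: device-specific half is all zeros
        flags.append("zero-device-id")
    return flags


def flag_leases(leases):
    """Keep only the leases whose MAC carries at least one flag."""
    return [(ip, mac, f) for ip, mac in leases if (f := classify_mac(mac))]
```

A `locally-administered` flag on its own is normal for phones and laptops using private addresses; the other flags describe addresses that should not appear as a client's source MAC.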
                                        • provelsP
                                          provels @JKnott
                                          last edited by

                                          @johnpoz @Rod-It
                                          Just thinking this over again. A while back I tried to mount a USB wireless NIC to my pfSense VM. I tried using both Windows Internet Connection Sharing and bridging in both Windows and pfSense, trying to create a wireless access point. The exercise failed, but maybe bridging is the cause.

                                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.