DHCP lease duplicate errors.
-
@ kejianshi,
Thank you for your kind reply.
The access points are indeed located in quite busy locations, and therefore will require a large range of IP addresses.
I also adore the elegance of simplicity.
Since I'm using 2 dual Intel server NICs, I segregated the LAN clients and the wifi users before. The setup you described was quite identical to my setup before.
However, since my wifi controller is on the LAN side of pf and I wish to manage the access points and other LAN devices, I've decided to integrate both LAN and wireless users. This enabled me to monitor my entire network on a single management PC. I'm using Ubiquiti Unifi APs and several Airmax wireless bridges. This also enables me to add APs on the same network as desired.
Just recently I decided to put all APs on static IPs, and yesterday I only had 2 lease errors. Looks like I'm doing something right here. Will update you guys if this will do the trick. I still have some wireless bridges on the network to configure in static mode.
-
Ahhhhh - Yes. It's hard to control things with people coming and going. Where is this located? (just wondering)
-
After configuring all my wireless bridges to static IPs and mapping them on PF, I still have a few duplicate lease errors.
I'm pulling my hair out! >:( And I'm running out of options.
In addition, today another seemingly alarming log shows:
Aug 2 17:24:26 kernel: arp: 172.16.26.20 moved from 34:6b:d3:4c:d0:26 to 94:db:c9:0e:23:82 on em0
Aug 2 17:24:26 kernel: arp: 172.16.26.20 moved from 94:db:c9:0e:23:82 to 34:6b:d3:4c:d0:26 on em0
Aug 2 16:00:43 kernel: arp: 172.16.31.14 moved from 34:6b:d3:4c:d0:26 to 8c:a9:82:ac:fc:50 on em0
Aug 2 16:00:43 kernel: arp: 172.16.31.14 moved from 8c:a9:82:ac:fc:50 to 34:6b:d3:4c:d0:26 on em0
Is someone MAC spoofing the captive portal? Could this be the culprit of the duplicate errors?
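One way to triage the `arp: ... moved from` entries quoted in the post above, as an added example that is not part of the original thread: it pairs each move with its reversal to find IPs claimed by two MACs at once, then lists MACs that contend for more than one IP. The function names, the 5-second window and the assumed year (syslog lines carry none) are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The four kernel lines from the post, copied one entry per line.
SAMPLE_LOG = """\
Aug 2 17:24:26 kernel: arp: 172.16.26.20 moved from 34:6b:d3:4c:d0:26 to 94:db:c9:0e:23:82 on em0
Aug 2 17:24:26 kernel: arp: 172.16.26.20 moved from 94:db:c9:0e:23:82 to 34:6b:d3:4c:d0:26 on em0
Aug 2 16:00:43 kernel: arp: 172.16.31.14 moved from 34:6b:d3:4c:d0:26 to 8c:a9:82:ac:fc:50 on em0
Aug 2 16:00:43 kernel: arp: 172.16.31.14 moved from 8c:a9:82:ac:fc:50 to 34:6b:d3:4c:d0:26 on em0
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
MOVED = re.compile(rf"^(\w{{3}}\s+\d+ \d\d:\d\d:\d\d) .*?arp: (\S+) "
                   rf"moved from ({MAC}) to ({MAC}) on (\S+)", re.I)

def parse(log, year=2000):
    """Yield (time, ip, old_mac, new_mac, iface); the year is an assumption."""
    for line in log.splitlines():
        m = MOVED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
            yield ts, m[2], m[3].lower(), m[4].lower(), m[5]

def find_flaps(log, window=timedelta(seconds=5)):
    """Return (ip, mac_pair) for each IP that moved A->B and back B->A within the window."""
    by_ip = defaultdict(list)
    for ts, ip, old, new, _ in parse(log):
        by_ip[ip].append((ts, old, new))
    flaps = []
    for ip, moves in by_ip.items():
        moves.sort(key=lambda mv: mv[0])  # stable: same-second entries keep log order
        for (t1, a1, b1), (t2, a2, b2) in zip(moves, moves[1:]):
            if (a1, b1) == (b2, a2) and t2 - t1 <= window:
                flaps.append((ip, frozenset((a1, b1))))
    return flaps

def macs_in_multiple_conflicts(flaps):
    """MACs that contend for more than one IP: the first devices to inspect."""
    ips = defaultdict(set)
    for ip, pair in flaps:
        for mac in pair:
            ips[mac].add(ip)
    return {mac: sorted(v) for mac, v in ips.items() if len(v) > 1}

if __name__ == "__main__":
    found = find_flaps(SAMPLE_LOG)
    print(*(f"{ip} claimed by {sorted(pair)}" for ip, pair in found), sep="\n")
    print("in several conflicts:", macs_in_multiple_conflicts(found))
```

A flip-flop only shows that two interfaces answered for the same IP within the window; matching the flagged MACs against the DHCP lease table and static mappings is what separates an address conflict from a cloned client.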
-
If you are allowing access per MAC, then yes. MACs can easily be spoofed or even duplicated on many sites to get onto your network.
-
Agree. I think the captive portal associates the voucher codes with the client's MAC address. Once they're paired after authentication, that MAC address is granted a pass-through to access the internet. If someone knows a MAC that is already authenticated and clones it to his device, he may be able to have a free connection.
Is this what it looks like in the logs? Is my speculation not far-fetched? Are there any scenarios less suspicious?
-
Or the IPs are being handed out via DHCP, so each time a previously known MAC's IP is changed for some reason, you will see that also.
If you see the same MAC used simultaneously and switching back and forth a lot, it's probably been spoofed. This is an unsecure, unencrypted wifi?
-
> Or the IPs are being handed out via DHCP, so each time a previously known MAC's IP is changed for some reason, you will see that also.

Thank you.
Can this scenario result in duplicate lease errors?

> If you see the same MAC used simultaneously and switching back and forth a lot, it's probably been spoofed. This is an unsecure, unencrypted wifi?

In the logs, the MAC-changing errors occurred at the same time. Yes, this is unsecured and unencrypted wifi.
-
If it's unsecure there, yes. More than likely someone is using a simple packet sniffer and has a record of all the MACs in use on your system. This would be very easy for them to get on an unsecure wifi. Hacking wifi is like a national sport there.
-
Waaaaaa... I'll be damned if this is happening here too.
The log above just shows that the MACs have been cycling on just three addresses:
34:6b:d3:4c:d0:26 = MAC address 346BD3 Company Huawei
94:db:c9:0e:23:82 = MAC address 94DBC9 Company Azurewave
8c:a9:82:ac:fc:50 = MAC address 8CA982 Company Intel Corporate
I'm wondering how to make this public hotspot more secure. Should I migrate away from PF's captive portal?
-
Use captive portal with WPA2.
This way, in the future, a person standing to the side can't sniff the unencrypted packets, get your MACs then use the MACs to get a free ride on your wifi.
It won't prevent one of your customers from sharing the WPA2 key though if they purposely want to do that.