On Mon, 02 Mar 2015 18:56:46 +0100 Pol Hallen <de...@fuckaround.org> wrote:
> Hi all :-) > > An easy environment: 1 server 2 lans: > > 192.168.1.0 - local lan1 > 192.168.2.0 - local wlan0 > > only one dhcp server manages these 2 lans > > Sometimes I see inside the arp table (from wlan0) a strange IP like: > > 10.168.245.246 or similar > > what does it mean? > Could be a PC with static IP goes inside my lan (via wireless) or > what? > Yes. A WAP may relay packets before it knows that the sender is authenticated, as many authentication mechanisms involve TCP exchanges and therefore need a valid local IP address. Your DHCP logs may well show addresses being handed out to these outsiders, but presumably your other logs do not show anyone actually being authenticated at the time you see these addresses. I don't believe that wireless encryption methods are relevant at the DHCP level, so even though your WAP uses WPA2 and a long password, which will stop anyone being authenticated, this doesn't affect DHCP negotiations. Let's put it this way: in a network belonging to one of my clients, I often see DHCP addresses being handed out to machines that do not belong in the network, but there is never a sign of any further use of those addresses. There is certainly a strong WPA2 passphrase set there. I believe that during DHCP negotiations, the addresses 0.0.0.0 and 255.255.255.255 can be used, but I don't think there is much checking, as DHCP traffic works on MAC addresses until an IP address is assigned. I recently mentioned here that my Win8 machine was taking exception to my DHCP server using 127.0.1.1 as a source address, while every other OS that has used my network has not even noticed. So an outsider could be using any source address, and is likely to use the one it last managed to lease from the correct network. -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150302185536.131f2...@jresid.jretrading.com
