Re: [Dorset] Monitoring Internet Connectivity.
On Fri, 08 Mar 2019 16:23:55 +, Ralph Corderoy wrote:
> I've not used it, and don't fully understand its operation, but I
> wonder if RADIUS is well suited to the `authentication and
> authorisation' of clients to the home network.

I have got the impression from these messages that Tim might be quite enjoying the cat and mouse game, and so going straight for the 'nuclear option' of RADIUS might spoil the fun! Having said that, perhaps I am underestimating the adversary.

One 'cheaper' option for authentication would be to just have more than one WiFi SSID.

--
Next meeting: BEC, Bournemouth, Tuesday, 2019-04-02 20:00
Check to whom you are replying
Meetings, mailing list, IRC, ... http://dorset.lug.org.uk/
New thread, don't hijack: mailto:dorset@mailman.lug.org.uk
Re: [Dorset] Monitoring Internet Connectivity.
Hi Ralph

On 08/03/2019 16:23, Ralph Corderoy wrote:
> Hi Tim,
>
>> There's a fair number of devices (20-30) on the network at any time.
>
> I've not used it, and don't fully understand its operation, but I
> wonder if RADIUS is well suited to the `authentication and
> authorisation' of clients to the home network.
> https://freeradius.org/ is popular and packaged for Debian. This
> would be at a higher level than MAC or IP address and allow password
> or certificates to be used for authentication.
>
> With RADIUS's third `A', accounting, CC#2 could be given the option of
> out of hours access for a fee. :-)

Haha - thanks, will do some reading.

Cheers

Tim
Re: [Dorset] Monitoring Internet Connectivity.
Hi Keith

On 08/03/2019 16:46, Keith Edmunds wrote:
> You might want to install arpalert, too.
>
> http://www.arpalert.org/arpalert.html

Thanks, have installed and set this up.

Cheers

Tim
Re: [Dorset] Monitoring Internet Connectivity.
You might want to install arpalert, too.

http://www.arpalert.org/arpalert.html

--
Linux Tips: https://www.tiger-computing.co.uk/category/techtips/
Re: [Dorset] Monitoring Internet Connectivity.
Hi Tim,

> There's a fair number of devices (20-30) on the network at any time.

I've not used it, and don't fully understand its operation, but I wonder if RADIUS is well suited to the `authentication and authorisation' of clients to the home network. https://freeradius.org/ is popular and packaged for Debian. This would be at a higher level than MAC or IP address and allow password or certificates to be used for authentication.

With RADIUS's third `A', accounting, CC#2 could be given the option of out of hours access for a fee. :-)

--
Cheers, Ralph.
Re: [Dorset] Monitoring Internet Connectivity.
Hi Stephen

On 08/03/2019 11:17, Stephen Wolff wrote:
> Hiya
>
>>> then for around 30 minutes in the morning, returning exactly as Cost
>>> Centre #2 left for school.
>
> Blimey. Hadn’t considered that CCs could upset networking routing in
> the house. I think I’d better try this SmokePing thing

Try Ralph's script - it tracked down the culprit for me pretty quickly!

Cheers

Tim
Re: [Dorset] Monitoring Internet Connectivity.
Hi Ralph

On 08/03/2019 11:12, Ralph Corderoy wrote:
> Hi Tim,
>
>> then for around 30 minutes in the morning, returning exactly as Cost
>> Centre #2 left for school.
>
> I was going to mention at the club if it could be your policy rules
> interfering. It didn't occur to me it could be them being routed
> around. :-)
>
>> A few months ago, everything starts being a bit flaky. Sometimes I
>> can't get a DHCP response from Golux when trying to connect my own
>> laptop to one Wifi access point, but can do from one of the others. I
>> have my suspicions, especially as rebooting the router clears the
>> problem. Suspicions reinforced as flushing the router ARP table also
>> clears the problem. But can't see anything untoward in the ARP table
>> contents.
>
> Could #CC2 be switching to your laptop's MAC address?

I think the evidence is that he's switching to Golux's IP address, as I lose connectivity with Golux from work (over VPN) when he's doing his thing. My laptop's off/asleep so it's really out of the equation. What I can't explain though is that I can't contact the router either from work during those times, and from the logs the router WAN actually goes down. I did suspect at one point he may be plugging another router into a phone extension socket, but have ruled that out. Could be down to the router being configured to use Golux as its DNS server.

>> 7. So, last night, a quick fix of blacklisting CC#2's phone MAC for
>> Wifi access in all the access points, although longer term will change
>> this to a whitelist and IP filtering.
>
> How about leaving the mouse to continue his excursions, but see if you
> can monitor traffic levels over time by MAC or IP address on the
> Draytek. Or if the Draytek doesn't offer that, on Golux, if all
> traffic must pass through it to reach the Draytek. That might give a
> clue as to what's being spoofed?

Yes, I had that in mind. If it's just the IP address it should be fairly quick to nail. If it's MAC and IP address, could take a bit of figuring and may be easier to bring out the thumbscrews :) There's a fair number of devices (20-30) on the network at any time.

Cheers

Tim
Re: [Dorset] Monitoring Internet Connectivity.
Hiya

>> then for around 30 minutes in the morning, returning exactly as Cost
>> Centre #2 left for school.

Blimey. Hadn’t considered that CCs could upset networking routing in the house. I think I’d better try this SmokePing thing
Re: [Dorset] Monitoring Internet Connectivity.
Hi Tim,

> then for around 30 minutes in the morning, returning exactly as Cost
> Centre #2 left for school.

I was going to mention at the club if it could be your policy rules interfering. It didn't occur to me it could be them being routed around. :-)

> A few months ago, everything starts being a bit flaky. Sometimes I
> can't get a DHCP response from Golux when trying to connect my own
> laptop to one Wifi access point, but can do from one of the others. I
> have my suspicions, especially as rebooting the router clears the
> problem. Suspicions reinforced as flushing the router ARP table also
> clears the problem. But can't see anything untoward in the ARP table
> contents.

Could #CC2 be switching to your laptop's MAC address?

> 7. So, last night, a quick fix of blacklisting CC#2's phone MAC for
> Wifi access in all the access points, although longer term will change
> this to a whitelist and IP filtering.

How about leaving the mouse to continue his excursions, but see if you can monitor traffic levels over time by MAC or IP address on the Draytek. Or if the Draytek doesn't offer that, on Golux, if all traffic must pass through it to reach the Draytek. That might give a clue as to what's being spoofed?

--
Cheers, Ralph.
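
Added example, not part of any message in the thread: one way to spot the IP-only case discussed above is to compare neighbour-table snapshots over time and report when an IP address starts answering from a different MAC, together with the addresses that MAC used earlier. The `ip neigh show` input format, the addresses, the MACs and the function names are all assumptions made for illustration.

```python
import re

# Matches the "<ip> dev <if> lladdr <mac> ..." lines of `ip neigh show`;
# FAILED/INCOMPLETE entries carry no lladdr and are skipped.
NEIGH = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f]{2}(?::[0-9a-f]{2}){5})\b", re.I)

def parse_neigh(text):
    """Return {ip: mac} for one neighbour-table snapshot."""
    table = {}
    for line in text.splitlines():
        m = NEIGH.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def ip_takeovers(snapshots):
    """Return (time, ip, old_mac, new_mac, earlier_ips_of_new_mac) tuples."""
    last_mac = {}   # ip  -> MAC last seen answering for it
    seen_ips = {}   # mac -> every IP it has used so far
    events = []
    for when, text in snapshots:
        table = parse_neigh(text)
        for ip, mac in table.items():
            old = last_mac.get(ip)
            if old is not None and old != mac:
                earlier = sorted(seen_ips.get(mac, set()) - {ip})
                events.append((when, ip, old, mac, earlier))
            last_mac[ip] = mac
        for ip, mac in table.items():
            seen_ips.setdefault(mac, set()).add(ip)
    return events

# Constructed snapshots: .1 is the router, .2 the server, .57 a phone.
SNAPSHOTS = [
    ("07:30", "192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE\n"
              "192.168.1.2 dev eth0 lladdr 02:00:00:00:00:02 REACHABLE\n"
              "192.168.1.57 dev eth0 lladdr 02:00:00:00:00:57 STALE\n"),
    ("07:45", "192.168.1.1 dev eth0 lladdr 02:00:00:00:00:01 REACHABLE\n"
              "192.168.1.2 dev eth0 lladdr 02:00:00:00:00:57 REACHABLE\n"
              "192.168.1.9 dev eth0 FAILED\n"),
    ("08:20", "192.168.1.2 dev eth0 lladdr 02:00:00:00:00:02 REACHABLE\n"
              "192.168.1.57 dev eth0 lladdr 02:00:00:00:00:57 REACHABLE\n"),
]

if __name__ == "__main__":
    for when, ip, old, new, earlier in ip_takeovers(SNAPSHOTS):
        print(f"{when} {ip}: {old} -> {new} (MAC earlier used {earlier or 'nothing'})")
```

This only catches a changed IP-to-MAC binding; if the MAC address is copied as well, the binding never changes and nothing is reported.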