Opened 11 years ago

Closed 11 years ago

Last modified 9 years ago

#39 closed request (fixed)

[72attendees] Rogue 6to4 RA on wireless network

Reported by: Tim Chown <tjc@…> Owned by: joelja@…
Priority: blocker Milestone:
Component: wireless Keywords:
Cc: My Current Location:
My MAC Address: My OS:

Description (last modified by joelja@…)

Hi,

We still have a rogue RA on the wireless network today, the same one as
yesterday.

The Ethernet source of the RA is an Intel adapter 00:19:d2:7f:a6:52.

The IPv6 source is fe80::6c4e:8ed1:3ad2:4cc4 which might be a Windows
Vista 'randomised' host address.

It's advertising prefix 2002:8281:1394:9:: so has IPv4 addr 130.129.19.148.

It's also offering an fec0:: prefix so is probably running Windows ICS
(perhaps because the system has IPv6 on but is filtering incoming IPv6 RAs
 in the host firewall?)

Anyone got any other clues?

Anything the local ops guys can do? :)

Tim
_______________________________________________
72attendees mailing list
72attendees@ietf.org
https://www.ietf.org/mailman/listinfo/72attendees

Change history (9)

comment:1 Changed 11 years ago by Tim Chown

id: 39

This message has 0 attachment(s)

comment:2 Changed 11 years ago by llynch@…

Component: incomingwireless
Description: modified (diff)
Owner: changed from llynch@… to joelja@…
Priority: blocker
Status: newassigned
Type: request

Joel -

wanna play whack-a-mole?

comment:3 Changed 11 years ago by joelja@…

Description: modified (diff)

comment:4 Changed 11 years ago by Bill Fenner

This looks like a dup of #29 - did my blacklist entry from yesterday expire?

comment:5 Changed 11 years ago by joelja@…

Resolution: pending
Status: assignedclosed

user is gone

comment:6 Changed 11 years ago by Bill Fenner

Resolution: pending
Status: closedreopened

I noticed this RA again, from the same IP address and same MAC address, so I blacklisted it again in the Aruba - 00:19:d2:7f:a6:52 .

comment:7 Changed 11 years ago by Bill Fenner

Obviously, "blacklist" does not mean what I think it means, since this is back again.

comment:8 Changed 11 years ago by llynch@…

Resolution: fixed
Status: reopenedclosed

network done now

comment:9 Changed 9 years ago by (none)

Milestone: IETF Week ieft 72

Milestone IETF Week ieft 72 deleted

Note: See TracTickets for help on using tickets.