Opened 3 years ago

Closed 3 years ago

Last modified 5 weeks ago

#767 closed request (fixed)

rogue DHCP server on hotel wired LAN

Reported by: shep@… Owned by: chelliot@…
Priority: tbd Milestone: ietf-090
Component: incoming Keywords:
Cc: My Current Location:
My MAC Address: My OS:

Description


Hotel wired net was working fine for me before but this afternoon
(around 3:10pm) when I tried again a rogue DHCP server was giving me a
192.168.1.* address, with 192.168.1.1 as a default route.  No DNS and
no network connectivity through that seemd to work. (I could not ssh
home to an IP address.)

I'm in room 13-141.

The MAC address of 192.168.1.1 is:

$ arp -n -a
? (192.168.1.1) at cc:34:29:90:8b:49 [ether] on wlan0


and I was unable to connect to it with HTTP.

ssh to it however did reveal this banner:


$ ssh root@192.168.1.1
The authenticity of host '192.168.1.1 (192.168.1.1)' can't be established.
RSA key fingerprint is f4:ab:24:5c:73:e3:49:21:42:84:1a:c9:14:ec:53:e2.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.1' (RSA) to the list of known hosts.
DD-WRT v24-sp2 std (c) 2012 NewMedia-NET GmbH
Release: 03/15/12 (SVN revision: 18740)
root@192.168.1.1's password: 




			-Tim Shepard
			 shep@alum.mit.edu

Change history (4)

comment:1 Changed 3 years ago by chelliot@…

Owner: changed from llynch@… to chelliot@…
Status: newaccepted

comment:2 Changed 3 years ago by chelliot@…

Sent message to 90attendees with information regarding two rogue devices and contacted the hotel network support staff. They are going to find the ports the two devices are connected to and shut them down. They will also supply the room numbers so that we or the hotel can contact the owners so they can fix the issue and then we can get their ports turned back on.

Chris.

comment:3 Changed 3 years ago by chelliot@…

Resolution: fixed
Status: acceptedclosed

The ports to the rooms have been disabled and the residents contacted. These two rogues should be fixed. Let's hope there's not any others!

Chris.

comment:4 Changed 5 weeks ago by Rick Alfvin

Milestone: ietf-90ietf-090

Milestone renamed

Note: See TracTickets for help on using tickets.