strange vlan connection

Discussion in 'HyperWRT Firmware' started by lol24h, Jul 8, 2006.

  1. lol24h

    lol24h Network Guru Member

    Ok, to make it short and clear.
    My router is : Linksys WRT54G
    rockin' firmware :rockon: : v4.71.1, Hyperwrt 2.1b1 + Thibor15c
    My connection to the world is through DSL modem, workin' like a bridge, so the connection with my ISP is a kind of vlan.

    Here's my Device list :
    IF	MAC Address	IP Address	Name	RSSI	Lease
    	xx:xx:xx:xx:xx:xx	xxxxxx		0 days, 02:20:06
    br0	xx:xx:xx:xx:xx:xx	xxxxxx	-80 dBm	0 days, 21:17:49
    	xx:xx:xx:xx:xx:xx	xxxxxx		0 days, 06:11:07
    vlan1	xx:xx:xx:xx:xx:xx	xx.xx.178.1		
    xx.xx.178.1 is my default gateway. However sometimes it shows another vlan connection, like:
    vlan1 xx:xx:xx:xx:xx:xx xx.xx.178.21

    I've checked names of these adresses and it appears to be ordinary name of xdsl users, like :

    The gateway has got completely different name, like:

    I don't use vlan connection and I'm pretty sure that my neighbours (with whom I share internet) also not.
    It looks very suspicious. Have you got any ideas, what it could be ?
  2. Thibor

    Thibor Super Moderator Staff Member Member

    vlan1 is your wan connection.
  3. lol24h

    lol24h Network Guru Member

    But why sometimes there's connection NOT ONLY with gateway of my ISP but ALSO with another adress ??
    I've written clearly, i.e. xx.xx.178.21 is rather not adress of one my provider's server's , which delivers me internet service, but other client of this provider.

    I see sth like this :

    vlan1 xx:xx:xx:xx:xx:xx xx.xx.178.1
    vlan1 xx:xx:xx:xx:xx:xx xx.xx.178.21

    I hope now it's obvious.
  4. Thibor

    Thibor Super Moderator Staff Member Member

    i would think that it is a cached wan ipaddress.
  5. lol24h

    lol24h Network Guru Member

    what do you mean by this words : "a cached wan ipaddress."
    Cached wan ip adress... ok. But, what's the purpose of cachin' this specific adress ?

    P.S. thx for moving my topic.
  6. Thibor

    Thibor Super Moderator Staff Member Member

    if your wan address is renewed, and you get a new ip address your old address and hostname may still show in the DeviceList. it's nothing to worry about.
  7. lol24h

    lol24h Network Guru Member

    I have a static address... xx.xx.178.169 , and I don't understand, why there's connection with xx.xx.178.21 besides the gateway xx.178.1 .
    How it could be renewed ??? it's static.

    there's no my address in devicelist... there's guys in my wlan , including me, wan gateway and sometimes this ANOTHER wan address xx.xx.178.21,

    like this

    IF MAC Address IP Address Name RSSI Lease
    ---------------- 1 0 days, 19:38:33
    -------------- 1 0 days, 23:43:20
    br0 ------------ 1 -76 dBm 0 days, 20:35:12
    vlan1 ----------- xx.xx.178.1
    vlan1 -------------- xx.xx.178.21
  8. Thibor

    Thibor Super Moderator Staff Member Member

    i don't know
  9. lol24h

    lol24h Network Guru Member

    Right, tell me just two thing.
    1. Is it possible that somebody wants to break into my WRT or other PCs in W/LAN ?
    2. Can I block this address and how ?
  10. Thibor

    Thibor Super Moderator Staff Member Member

    1. very unlikely
    2. with the firewall script
  11. tempralflux

    tempralflux Network Guru Member

    I get the same thing when i check the "listed devices" but only when i remote login to my son`s router who is with the same provider and is not to far away from me. The IP and MAC are from the router that i login to. Is this due to being on the same subnet.
  12. mstombs

    mstombs Network Guru Member

    The device list presents the contents of the arp table, entries remain in this arp table for around 5 minutes after a connection has been made - so it doesn't mean that the router is conected to those devices, but it has communicated with it within the last 5 minutes. If the ISP provides an IP address and netmask that defines a network ie then the router will determine the mac address of the owner of any IP address in the same subnet using the arp protocol, and it will get an entry in this table.

    When connected to my adsl modem in half-bridge mode I also usually have 2 vlan1 entries, one for the 'local' IP address of the modem, a second for the ISP gateway which is relayed by the modem using 'proxy arp', these are not in the same subnet as the router WAN mask is, but special routing rules are applied.

    So multiple entries are not necessarily a problem - but essential to have firewalls when connected to the internet!

    Note: The arp protocol is ancient, all based on trust without any security in mind. Hacker tools such as arp-poison and arp-spoof can be used - if you allow physical access to your local network.
  13. tempralflux

    tempralflux Network Guru Member

    Cheers that explains it and hopefully for the original poster.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice